When should I use which key?
- One-time keys are meant to be used a single time. They're for connecting a single device or server, one time. This is specifically meant for situations where you can't authenticate on the device yourself, so using a key is more practical.
- Reusable keys are meant for a service which is occasionally disconnected and reconnected, but needs to remain the same node when it reconnects. For example, an on-prem database might fit in this category.
- Ephemeral keys are meant for similar but different resources that are short-lived. These will reconnect as a different node, and the previous node, once it is no longer active, will be removed. For example, containers or Lambda functions should use ephemeral keys.
Which type of key should I use if I have multiple different servers that I want to add all at once?
If you're adding lots of servers at once, the best option right now is to use a reusable key. Otherwise, you'll have to generate a new one-time key each time.
Be careful with this key, though: if it is compromised, there may be a lot of machines whose keys you want to change.