Tailscale API Key
Service Name: Tailscale
Service Description: Tailscale is a zero-config VPN service that creates a secure network between your devices, making them act as if they're on the same local network regardless of location. It uses the WireGuard protocol for secure, encrypted connections.
Service Address: https://tailscale.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through Tailscale ACLs (Access Control Lists) at the network level, not directly on API keys.
Secret Access Scope: Tailscale API keys grant programmatic access to manage your Tailscale network, including devices, users, access controls, and network settings.
Secret Revokement URL: https://login.tailscale.com/admin/settings/keys
Secret Example: tskey-api-kxyz123456789abcdefghijklmnopqrstuv
Suspicious Activity Investigation Instructions:
- Review the Tailscale admin console for unauthorized devices or users
- Check API logs for unusual API calls or management activities
- Monitor for unexpected network configuration changes
- Review ACL changes that might have been made through the API
- Check for unexpected device authorizations or network access changes
Mitigation Instructions:
- Log in to the Tailscale admin console at https://login.tailscale.com/admin
-
Navigate to Settings > Keys
-
Locate the compromised API key
- Click "Revoke" next to the key to immediately invalidate it
- Create a new API key with appropriate permissions if needed
- Review and update your ACLs to ensure proper network access controls
- Audit all devices connected to your tailnet and remove any unauthorized
devices
- Consider enabling additional authentication requirements for sensitive
operations