Introducing the Tailscale Source Plugin

Introducing the Tailscale Source Plugin

December 15, 2022

Aleksandr Shcherbakov
Name
Aleksandr Shcherbakov
Twitter
@candiduslynx

CloudQuery is an open source high performance data integration platform designed for security and infrastructure teams. Today, we are happy to announce the release of the Tailscale source plugin for CloudQuery.

Tailscale provides zero-config VPN software and a web-based management service. To learn more about Tailscale visit their homepage (opens in a new tab).

CloudQuery now supports pulling ACL, Device and DNS resources from Tailscale (opens in a new tab) using Tailscale API.

Take a look at our Configuration section to configure required credentials for the plugin.

Below are some query examples to get you started.

Detect unauthorized devices

If you have added some devices but haven't authorized them you will not be able to connect them to your tailnet (opens in a new tab). It's best practice to keep your inventory clean, as Tailscale limits the amount of devices. Here's a query to check for unauthorized devices:

select dev.id, dev.user
from tailscale_devices as dev
where not dev.authorized
order by id;

This query would output a table of device IDs and corresponding users for unauthorized devices:

        id         |       user             
-------------------+------------------
 12345678901234567 | user@example.com
(1 row)

You can now put this in a dashboard or set up an alert on it.

Make sure all your devices have enabled key expiry

To keep your infrastructure secure it's best practice to make device keys expire. Here's a query to check for devices that have disabled key expiry.

select dev.id, dev.user
from tailscale_devices as dev
where dev.key_expiry_disabled
order by id;

This query would output a table of device IDs and corresponding users for devices that have key expiry disabled:

        id         |       user             
-------------------+------------------
 12345678901234567 | user@example.com
(1 row)

What's next

We are going to continue expanding the Tailscale source plugin, adding support for more resources. Interested in seeing another plugin? Check out Creating a New Plugin and/or open an issue on our GitHub (opens in a new tab).