Control: Customize node key expiration
Description
Require users to rotate keys by re-authenticating their devices to the network regularly. Devices connect to your tailnet using a public key which expires automatically after a period of time, forcing keys to rotate.
Usage
Run the control in your terminal:
powerpipe control run tailscale_compliance.control.security_best_practices_device_node_key_expireSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run tailscale_compliance.control.security_best_practices_device_node_key_expire --shareSteampipe Tables
SQL
select id as resource, case when key_expiry_disabled then 'alarm' else 'ok' end as status, case when key_expiry_disabled then name || ' key expiration disabled.' else name || ' key expiration enabled.' end as reason, tailnet_namefrom tailscale_device;