summaryrefslogtreecommitdiffhomepage
path: root/feature/condregister/awsparamstore/maybe_awsparamstore.go
AgeCommit message (Collapse)AuthorFilesLines
2026-01-29cmd/tailscale/cli: allow fetching keys from AWS Parameter StoreAndrew Dunham1-0/+8
This allows fetching auth keys, OAuth client secrets, and ID tokens (for workload identity federation) from AWS Parameter Store by passing an ARN as the value. This is a relatively low-overhead mechanism for fetching these values from an external secret store without needing to run a secret service. Usage examples: # Auth key tailscale up \ --auth-key=arn:aws:ssm:us-east-1:123456789012:parameter/tailscale/auth-key # OAuth client secret tailscale up \ --client-secret=arn:aws:ssm:us-east-1:123456789012:parameter/tailscale/oauth-secret \ --advertise-tags=tag:server # ID token (for workload identity federation) tailscale up \ --client-id=my-client \ --id-token=arn:aws:ssm:us-east-1:123456789012:parameter/tailscale/id-token \ --advertise-tags=tag:server Updates tailscale/corp#28792 Signed-off-by: Andrew Dunham <andrew@tailscale.com>
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.