manage_keys
Control Tailscale authentication keys by listing, creating, or deleting them, with options to set expiry, capabilities, and device-specific configurations for secure network access.
Instructions
Manage Tailscale authentication keys
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| keyConfig | No | Key configuration (for create operation) | |
| keyId | No | Authentication key ID (for delete operation) | |
| operation | Yes | Key management operation | |
Implementation Reference
// src/tools/acl-tools.ts:308-401 (handler)
// NOTE(review): this listing was flattened by the page it came from; line breaks
// that may have existed inside the template literals below cannot be recovered
// here, so the literals are reproduced as shown. Compare against the source file.
/**
 * Handler for the 'manage_keys' tool. Supports the 'list', 'create' and
 * 'delete' operations on Tailscale authentication keys via `context.api`.
 *
 * Security-relevant behaviour visible in this function:
 * - 'create' places the returned `key` value into the tool result text, so the
 *   secret ends up wherever tool output is stored or forwarded (client
 *   transcripts, model context). Treat that output as a credential.
 * - 'create' forwards `reusable`, `ephemeral`, `preauthorized`, `tags` and
 *   `expirySeconds` exactly as supplied; no policy limit is applied here.
 * - 'delete' acts on the caller-supplied ID with no further confirmation.
 * - `args` is written to the debug log; per KeyManagementSchema it carries the
 *   key configuration and key ID, not the key secret.
 *
 * @param args - Validated tool input (operation plus optional keyConfig / keyId).
 * @param context - Tool context; only `context.api` is used.
 * @returns A tool result built by `returnToolSuccess` or `returnToolError`.
 *   Errors thrown inside the body are logged and returned as a tool error.
 */
async function manageKeys(
  args: z.infer<typeof KeyManagementSchema>,
  context: ToolContext,
): Promise<CallToolResult> {
  // Same truthiness test the listing applies to each boolean-like field.
  const yesNo = (flag: unknown): string => (flag ? "Yes" : "No");

  try {
    logger.debug("Managing authentication keys:", args);

    if (args.operation === "list") {
      const listed = await context.api.listAuthKeys();
      if (!listed.success) {
        return returnToolError(listed.error);
      }

      const authKeys = listed.data?.keys || [];
      if (authKeys.length === 0) {
        return returnToolSuccess("No authentication keys found");
      }

      // Only metadata is rendered here; no `key` field is read from list entries.
      const rendered = authKeys
        .map((entry, position: number) => {
          const createCaps = entry.capabilities?.devices?.create;
          return `**Key ${position + 1}** - ID: ${entry.id} - Description: ${entry.description || "No description"} - Created: ${entry.created} - Expires: ${entry.expires} - Revoked: ${yesNo(entry.revoked)} - Reusable: ${yesNo(createCaps?.reusable)} - Preauthorized: ${yesNo(createCaps?.preauthorized)}`;
        })
        .join("\n\n");

      return returnToolSuccess(
        `Found ${authKeys.length} authentication keys:\n\n${rendered}`,
      );
    }

    if (args.operation === "create") {
      const requested = args.keyConfig;
      if (!requested) {
        return returnToolError(
          "Key configuration is required for create operation",
        );
      }

      // Always send a capabilities.devices.create object, even when the caller
      // gave none; caller-provided flags are copied through unchanged.
      const payload = {
        ...requested,
        capabilities: {
          devices: {
            create: {
              ...requested.capabilities?.devices?.create,
            },
          },
        },
      };

      const created = await context.api.createAuthKey(payload);
      if (!created.success) {
        return returnToolError(created.error);
      }

      // The result text below contains the key secret itself.
      return returnToolSuccess(
        `Authentication key created successfully: - ID: ${created.data?.id} - Key: ${created.data?.key} - Description: ${created.data?.description || "No description"}`,
      );
    }

    if (args.operation === "delete") {
      const targetId = args.keyId;
      if (!targetId) {
        return returnToolError("Key ID is required for delete operation");
      }

      const removed = await context.api.deleteAuthKey(targetId);
      if (!removed.success) {
        return returnToolError(removed.error);
      }

      return returnToolSuccess(
        `Authentication key ${targetId} deleted successfully`,
      );
    }

    // Reached only if an operation outside the three handled values gets here.
    return returnToolError(
      "Invalid key operation. Use: list, create, or delete",
    );
  } catch (error: unknown) {
    // NOTE(review): the raw error object is logged and returned; confirm it
    // cannot carry request headers or tokens from the API client.
    logger.error("Error managing keys:", error);
    return returnToolError(error);
  }
}
// src/tools/acl-tools.ts:62-93 (schema)
// Zod schema defining the input parameters for the 'manage_keys' tool, including
// operation type and optional configurations for key creation or deletion.
//
// Every field except `operation` is optional, so this schema alone does not
// require `keyConfig` for "create" or `keyId` for "delete"; the manageKeys
// handler on this page performs those presence checks itself.
const KeyManagementSchema = z.object({
  // Restricted to the three listed values; anything else fails validation.
  operation: z
    .enum(["list", "create", "delete"])
    .describe("Key management operation"),
  keyConfig: z
    .object({
      description: z.string().optional(),
      // NOTE(review): z.number() with no further constraint also accepts
      // negative and fractional values, and no upper bound on key lifetime is
      // set here. Consider integer and range checks once the limits the API
      // accepts are confirmed.
      expirySeconds: z.number().optional(),
      capabilities: z
        .object({
          devices: z
            .object({
              create: z
                .object({
                  // These flags decide how powerful the issued key is: a key
                  // that is both reusable and preauthorized can enrol multiple
                  // devices without a separate approval step. Nothing in this
                  // schema restricts the combination.
                  reusable: z.boolean().optional(),
                  ephemeral: z.boolean().optional(),
                  preauthorized: z.boolean().optional(),
                  // NOTE(review): any strings are accepted; tag format and
                  // ownership are not checked at this layer.
                  tags: z.array(z.string()).optional(),
                })
                .optional(),
            })
            .optional(),
        })
        .optional(),
    })
    .optional()
    .describe("Key configuration (for create operation)"),
  // Any string passes validation here, including the empty string.
  keyId: z
    .string()
    .optional()
    .describe("Authentication key ID (for delete operation)"),
});
- src/tools/acl-tools.ts:530-535 (registration) Registration of the 'manage_keys' tool within the aclTools module, linking the name, description, input schema, and handler function. `{ name: "manage_keys", description: "Manage Tailscale authentication keys", inputSchema: KeyManagementSchema, handler: manageKeys, },`