ACL tag question

Tailscale user: I am almost done automating our Tailscale implementation and I noticed we have a security concern that you have already started addressing. The one-time auth keys we are using will enable the boxes to see each other. So if one were to get compromised, all of them will. A quick look at the docs and I found the upcoming ACL tags. Can we get access to the beta for that feature?

Also, I am looking for a way to automate the ACL process. Can we make changes to it via API?

Tailscale support: You can use ACL tags already. We don’t enforce which plan levels can use it while it’s in beta (or for trial accounts). Feel free to start using it.

And, yes, we have an API for updating ACLs but we need to enable it per-domain because it’s an early API and we might change it. Also, we have no docs yet, but it’s easy enough to describe with curl if you need it.

Tailscale user: Thanks for the response. I was also wondering if there’s a way to automate the creation of one-off keys. Currently, when we provision a new server (which we do a lot since we deploy hardware to our customer’s locations) we have to manually generate a server key and then copy-and-paste it into the script that provisions the server. If there was a simple API (curl example is plenty) that we could use to automate that it’d be helpful. I gather we’d also have to get the OAuth right but I imagine that’s not particularly unique to Tailscale.

Tailscale support: Not yet. We have an API project underway to address such needs, though.

For now, perhaps create a reusable key?