Tailscale Key Expiry _hot_ Now

, because node key expiry is handled automatically by Tailscale and rarely requires user intervention.

Tailscale clients (Windows/macOS) can send native system notifications when a key is nearing its end, provided system-level notifications are enabled for the app.

expirySeconds = 2592000 = 30 days.

When a Tailscale key expires, it can no longer be used to authenticate devices to the network. This means that:

It is important to distinguish between the various keys Tailscale uses, as their expiry behaviors differ: tailscale key expiry

tailscale auth-key list

During this window, you must log into the device and run tailscale up --force-reauth (on CLI-based systems) or sign in via the app to fully renew the key. Key Expiry Comparison Summary Node Key (Default) Tagged Devices Default Duration Up to 90 Days Max Duration 180 Days (unless disabled) Can be Disabled? Yes, per-machine Yes (by default) Primary Use Ongoing device access Initial registration Servers/Automation Key expiry · Tailscale Docs , because node key expiry is handled automatically

1 year (8760 hours).