Query Tailscale
Query Tailscale networks with cnquery
Rely on cnquery to query and inventory your Tailscale networks (tailnets). Explore devices, users, DNS nameservers, and more within your Tailscale infrastructure.
Requirements
To analyze your Tailscale environment with cnquery, you must have:
- cnquery installed on your workstation.
- A Tailscale account with access to your tailnet.
- Either an API access token or OAuth client credentials.
Configure access to Tailscale
Using an API access token
- Log in to the Tailscale admin console.
- Navigate to Settings > Keys.
- Generate an API access token.
To connect using the API token:
cnquery shell tailscale --token YOUR_ACCESS_TOKENYou can also set the TAILSCALE_API_KEY environment variable.
Using OAuth client credentials
For OAuth authentication:
cnquery shell tailscale --client-id YOUR_CLIENT_ID --client-secret YOUR_CLIENT_SECRETYou can also set these environment variables:
TAILSCALE_OAUTH_CLIENT_IDTAILSCALE_OAUTH_CLIENT_SECRETTAILSCALE_TAILNET(optional, for specifying the tailnet)
Example queries
This query retrieves the tailnet organization name:
cnquery> tailscale.tailnet
tailscale.tailnet: "example.com"This query retrieves all devices in the tailnet:
cnquery> tailscale.devices
tailscale.devices: [
0: tailscale.device name="laptop-1"
1: tailscale.device name="server-prod"
...
]This query retrieves all users:
cnquery> tailscale.users
tailscale.users: [
0: tailscale.user loginName="user@example.com"
...
]This query retrieves configured DNS nameservers:
cnquery> tailscale.nameservers
tailscale.nameservers: [
0: "100.100.100.100"
...
]This query lists devices with their details:
cnquery> tailscale.devices { name addresses os lastSeen }Exit the cnquery shell
To exit the cnquery shell, either press Ctrl + D or type exit.
Learn more
-
To learn more about how the MQL query language works, read Write Effective MQL.
-
For a list of all the Tailscale resources and fields you can query, read the Tailscale Resource Pack Reference.