/* Keys: Pre-auth keys + API keys (tabbed) */ function Keys() { const [tab, setTab] = useState("preauth"); return (

Keys

Pre-auth keys register devices · API keys authenticate the control API
{tab === "preauth" ? : }
); } function keyStatus(k) { if (k.expiration < Date.now()) return { label: "Expired", cls: "danger" }; if (!k.reusable && k.used) return { label: "Used", cls: "" }; const exp = expiryInfo(k.expiration); return { label: exp.soon ? exp.label : "Active", cls: exp.soon ? exp.cls : "online" }; } function PreauthKeys() { const s = useStore(); const toast = useToast(); const [modal, setModal] = useState(null); const [created, setCreated] = useState(null); const [confirmDel, setConfirmDel] = useState(null); // create form state — real defaults: single-use, short-lived const [user, setUser] = useState(s.users[0] && s.users[0].id); const [reusable, setReusable] = useState(false); const [ephemeral, setEphemeral] = useState(false); const [ttl, setTtl] = useState(1); const [tags, setTags] = useState([]); const submit = () => { const expiration = Date.now() + ttl * 86400000; const key = HS.act.createPreauth({ user, reusable, ephemeral, aclTags: tags, expiration }); setCreated(key); toast.push({ kind: "success", title: "Pre-auth key created", msg: reusable ? "Reusable key" : "Single-use key" }); }; return ( <>
{s.preauthKeys.map((k) => { const u = s.userById(k.user); const st = keyStatus(k); const expired = k.expiration < Date.now(); return ( ); })}
KeyUserPropertiesUsedStatus
{k.key.slice(0, 8)}…{k.key.slice(-4)}
{u && {u.name}}
{k.reusable ? "reusable" : "single-use"} {k.ephemeral && ephemeral} {k.aclTags?.map((t) => {t})}
{k.used ? used : unused} {st.label}
{!expired && }
Expire invalidates the key but keeps the record; Delete removes it entirely. Headscale exposes a used boolean, not a usage count.
{confirmDel && ( Permanently removes key {confirmDel.key.slice(0, 8)}…. Devices already registered with it stay connected.
} onConfirm={() => { HS.act.deletePreauth(confirmDel.id); toast.push({ kind: "success", title: "Key deleted" }); }} onClose={() => setConfirmDel(null)} /> )} {modal === "create" && ( setModal(null)} footer={created ? <>
: <>
}> {created ? (
Key generated — copy it now
This is the only time the full key is shown. Use it with tailscale up --authkey {created.slice(0,8)}…
) : ( <>
{s.userById(user) ? <>{s.userById(user).name} : no users}
}> {s.users.map((u) => setUser(u.id)}>{u.name})}
{ttl === 1 ? "1 day" : ttl + " days"}
}> {[1, 7, 30, 90, 180].map((d) => setTtl(d)}>{d === 1 ? "1 day" : d + " days"})}
{s.tagOwners.map((t) => ( setTags(tags.includes(t) ? tags.filter((x) => x !== t) : [...tags, t])}>{tags.includes(t) ? "✓ " : ""}{t} ))}
Nodes registered with this key get these tags (and become tag-owned).
)} )} ); } function ApiKeys() { const s = useStore(); const toast = useToast(); const [modal, setModal] = useState(null); const [created, setCreated] = useState(null); const [confirmDel, setConfirmDel] = useState(null); const [ttl, setTtl] = useState(90); return ( <>
{s.apiKeys.map((k) => { const st = keyStatus({ ...k, reusable: true }); const expired = k.expiration < Date.now(); return ( ); })}
PrefixAccessLast seenCreatedStatus
{k.prefix}
 full admin {k.lastSeen ? relTime(k.lastSeen) : "never"} {absDate(k.createdAt)} {st.label}
{!expired && }
Keys are identified by prefix only — Headscale stores no name/note. Every key grants full API access (no scopes).
{confirmDel && ( Any integration using {confirmDel.prefix}.… will immediately lose API access.
} onConfirm={() => { HS.act.deleteApiKey(confirmDel.id); toast.push({ kind: "success", title: "API key deleted" }); }} onClose={() => setConfirmDel(null)} /> )} {modal === "create" && ( setModal(null)} footer={created ? <>
: <>
}> {created ? (
Copy now — shown once
Pass via Authorization: Bearer {created.slice(0,12)}…
) : ( <>
API keys grant full administrative access — there are no per-resource scopes. Treat the secret like a root password.
{ttl} days
}> {[30, 90, 180, 365].map((d) => setTtl(d)}>{d} days)}
The only field Headscale stores besides the generated prefix.
)} )} ); } function ToggleRow({ label, desc, on, set }) { return (
{label}
{desc}
set(!on)} />
); } Object.assign(window, { Keys, ToggleRow });