Tailscale state file encryption no longer enabled by default
Jan 6, 2026Linux State file encryption and hardware attestation keys are no longer enabled by default. Failure to load hardware attestation keys no longer prevents the client from starting. This could happen when the TPM device is reset or replaced. Windows State file encryption and hardware attestation keys are no longer enabled by default. Failure to load hardware attestation keys no longer prevents the client from starting. This could happen when the TPM device is reset or replaced. A new release of the Tailscale container image is available. You can download it from Docker Hub or from our GitHub packages repository. Hardware attestation keys are no longer added to Kubernetes state Secrets, making it possible to change the Kubernetes node the Tailscale containers are deployed on. …
