• Workload identity federation now integrated across API, Go client, and Terraform provider. • India DERP server city name updated to Bengaluru, hosting provider and IPs unchanged. • Windows and Linux clients drop default state file encryption and hardware attestation keys. • Apple and Android clients keep secure node state storage encryption by default. • GitHub Action v4.1.1 now stores caches correctly on macOS runners. • Container image v1.92.5 removes hardware attestation keys from Kubernetes state secrets. • Kubernetes operator v1.92.5 stops automatic ARI certificate renewal to avoid failures.
Article Summaries:
- Tailscale January 2026 Update
Tailscale released several key updates this month. The Workload Identity Federation API now supports CRUD operations across the Tailscale API, the Go client library, and the Terraform provider. The DERP server in India was renamed to Bengaluru, with no change to hosting or IPs. Client v1.92.5 disables state‑file encryption and hardware attestation keys by default on Windows and Linux, while Apple and Android clients keep secure storage enabled. The GitHub Action v4.1.1 now uses the correct cache architecture for macOS runners. Container and Kubernetes operator images (v1.92.5) drop attestation keys from state secrets and stop automatic ACME renewal via ARI orders. The tsrecorder image received only library updates.
Sources: