Tailscale MCP. Administer your zero-trust network in natural conversation.
Tailscale MCP gives your agent full administrative control over a zero-trust mesh network. List devices, adjust access rules (ACLs), manage user identities, and audit node keys—all through natural conversation. Manage your private infrastructure without leaving your chat client.
Claude 
ChatGPT 
Cursor 
Gemini 
Windsurf 
VS Code 
JetBrains 
Vercel Give Claude and any AI agent real-world access
List every connected machine or retrieve detailed information on a specific device within the tailnet.
Fetch and update complex access control policies, defining exactly which users and devices can communicate across your network.
List all registered users or generate, list, and delete authentication keys for automated node joining.
Authorize new machines to join the network, update device tags for organization, or securely remove retired devices.
Ask an AI about this
Waiting for input…
What AI agents can do with Tailscale MCP – 13 Tools for Network Management
These tools allow your agent to perform every administrative function required for managing a complex zero-trust mesh network, from policy updates to user auditing.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using Tailscale MCPAuthorize Device
Approves a machine joining your tailnet.
Create Auth Key
Generates a new, reusable authentication key for the network.
Delete Auth Key
Removes an existing authentication key from the system.
Delete Device
Permanently removes a specified device from your tailnet inventory.
Get Tailnet Acl
Retrieves a full copy of the current network access control policy (ACL).
Get Auth Key
Fetches details about an existing authentication key.
Get Device
Retrieves specific operational details for a single device on the network.
Get User
Fetches detailed profile data for a specified user account.
List Auth Keys
Lists all current authentication keys associated with the network.
List Tailnet Devices
Provides a comprehensive list of every device connected to the tailnet.
List Users
Lists all user accounts registered within the network.
Update Tailnet Acl
Modifies or updates the entire set of network access control policies (ACLs).
Update Device Tags
Adds, changes, or removes organizational tags from one or more devices.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The Tailscale integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Tailscale, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Tailscale. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on each call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
The headache of jumping between admin consoles and terminals is real.
Today, managing network access feels like a multi-tab circus. You check the web console for device status, then switch to the terminal to generate an auth key, and finally jump back to edit policy files in a separate YAML editor. Every time you switch context, you risk making a mistake or missing a dependency.
With this MCP, your agent handles all that complexity inside your chat window. You ask it to update access rules, and boom—the network is updated. Your AI acts as the single pane of glass for your entire infrastructure.
Tailscale's administrative tools through the Tailscale MCP.
Specific manual steps that vanish include checking device tags across multiple dashboards, manually generating and storing auth keys in a secure vault, and reconciling which users have which specific rights. All these actions are now invoked by simple conversation.
Your workflow isn't just faster; it's fundamentally different. You gain conversational control over an otherwise complex command-line domain.
What Tailscale MCP does for your AI
Connecting your Tailscale network to this MCP lets your AI agent act as an administrator for your entire zero-trust infrastructure. You gain complete visibility into every device connected to your tailnet, meaning you can query details about specific nodes or check the status of all registered machines instantly. Need to tighten security? Your agent handles updating complex access control policies (ACLs), allowing you to manage network permissions without ever touching a web console or writing a manual policy file.
It also manages authentication keys and users, letting you automate node joining or audit who's on the network right now. You can even delete decommissioned devices securely using their unique IDs. By connecting this MCP via Vinkius, your AI client gets all these administrative tools in one place, turning tedious infrastructure management into simple conversation.
019e38f7-ab7e-701b-8573-c1edd6364cb5 
How to set up Tailscale MCP
The bottom line is that you manage complex networking tasks conversationally, treating your AI client like a dedicated administrator terminal.
Subscribe to this MCP and provide your Tailscale API key.
Your AI client uses the provided credentials to connect directly to your private network's administrative layer.
You interact with the system using plain language prompts, and the agent executes the required command against your live infrastructure.
Who uses Tailscale MCP
This MCP is for the security engineer who needs to audit access policies rapidly. It's for the DevOps specialist tired of context switching between CLI and dashboard views. If you manage network identity, device provisioning, or compliance rules, this tool saves hours.
Using the MCP to quickly list nodes, update device tags for environment separation, or generate temporary auth keys needed by a CI/CD pipeline.
Checking current access control policies (ACLs) and auditing user profiles or listing all connected devices to ensure zero-trust compliance after an incident.
Authorizing new employee laptops to join the network, managing device cleanup by deleting old nodes, or viewing detailed user profile information.
Benefits of connecting Tailscale MCP
Stop context switching. You never need to jump from the Tailscale console to a terminal or another dashboard. Your agent performs admin tasks directly within your chat interface, saving you clicks and time.
Enforce strict security policies on demand. Need to change who can talk to what? Use the MCP to update network access control policies (ACLs) instantly through conversational prompts.
Automate onboarding and offboarding. You can generate reusable auth keys or list all users, making it simple for your agent to handle identity management without manual key generation.
Maintain a clean inventory. Instead of manually checking logs for old machines, you can use the MCP to list tailnet devices, audit them, and securely delete decommissioned nodes by ID.
Get immediate device context. Need to know if 'web-server-01' is running? You get specific details on any machine using the get_device tool without ambiguity.
Tailscale MCP use cases
A new developer needs access.
The IT Admin asks their agent: 'I need to add Bob's laptop and make sure he can talk to the database.' The agent runs authorize_device for the machine, updates the ACL using update_tailnet_acl, and tags it correctly with update_device_tags. Done in three prompts.
Security audit after a breach.
The Security Analyst asks: 'Show me every user and what access they have.' The agent uses list_users to get the roster, then runs get_tailnet_acl, providing an immediate, auditable snapshot of all network permissions.
Automating CI/CD deployment.
The DevOps Engineer needs a temporary key for a test runner. They prompt: 'Create a reusable auth key for the staging environment.' The agent uses create_auth_key, providing the necessary ID for secure vault storage.
Cleaning up old infrastructure.
The IT Admin notices an old IP address that should be gone. They prompt: 'Delete device 14023.' The agent uses delete_device to ensure the machine is fully removed from the active tailnet inventory.
Tailscale MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Manual CLI key management
Copying and pasting API keys into a separate terminal session, then re-entering details in the admin web console.
Use create_auth_key to generate the necessary key directly through your agent. Keep the output secure; you'll need that ID for automation.
Ambiguous device status checks
Running a generic network health check that doesn't pinpoint which specific node is failing or why access was denied.
Use list_tailnet_devices to get the full list, and then use get_device on the ID of concern. This gives you precise diagnostic data.
Forgetting policy dependencies
Updating one part of the ACL (like user groups) but forgetting that another service relies on a specific tag being present.
Always run get_tailnet_acl first to see all current rules. Then, use update_device_tags and confirm the policy update with update_tailnet_acl.
When to use Tailscale MCP
Use this MCP if your workflow requires deep administrative control over a zero-trust mesh network (managing devices, ACLs, and users). You need to act as an administrator. Don't use it if you are only trying to read basic information about the network; then simple data fetching might suffice. Critically, don't try to use this for general API calls that aren't related to device or user management—this MCP is highly specialized. If your goal is simply listing users without changing any rules, list_users works fine. But if you need to change a rule, like using update_tailnet_acl, then you absolutely need this structured control.
Frequently asked questions about Tailscale MCP
How does the Tailscale MCP handle user identity? +
It gives your agent full access to list users and fetch detailed profile information using list_users and get_user. This lets you audit who is on the network without needing separate tools.
Can I use the Tailscale MCP to modify ACL policies? +
Yes, it's designed for that. You can retrieve existing policy files using get_tailnet_acl and then apply changes with update_tailnet_acl.
What if I need to remove a device entirely? +
You use the delete_device tool, providing the unique ID of the machine you want gone. This ensures it's securely removed from your tailnet inventory.
Do I need to manage keys separately if I use the MCP? +
No. The MCP handles key management directly. You can list existing keys with list_auth_keys or create a new one using create_auth_key.
Which role should use the Tailscale MCP first? +
Security teams benefit most. They need constant visibility into who is accessing what, making the audit tools like get_tailnet_acl indispensable for compliance checks.