Configure access to a Datasette instance with Tailscale
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
datasette-auth-tailscale
Configure access to a Datasette instance with Tailscale
[!WARNING] This is pre-alpha software that has not been thoroughly tested or reviewed yet!
Installation
Install this plugin in the same environment as Datasette.
datasette install datasette-auth-tailscale
Usage
This plugin authenticates Datasette users from the identity headers that Tailscale Serve injects when proxying tailnet traffic to a backend.
Run Datasette behind tailscale serve, listening only on localhost:
datasette mydata.db --host 127.0.0.1 --port 8001
tailscale serve --https=443 http://127.0.0.1:8001
[!WARNING] Bind Datasette to localhost. These headers are trusted unconditionally — Tailscale strips them from incoming requests before adding its own, but only for requests that actually arrive via Serve. If Datasette is reachable from your LAN or tailnet directly, anyone can spoof the headers and impersonate any user. Always bind to
127.0.0.1(or the loopback interface) so the only path to Datasette is through Serve.Tailscale Funnel does not include identity headers. Funnel users will be rejected by default (see
require_tailscalebelow).
Actor shape
A request from alice@example.com produces an actor like:
{
"id": "alice@example.com",
"display": "Alice Architect",
"picture": "https://example.com/alice.jpg",
}
id—Tailscale-User-Logindisplay—Tailscale-User-Name(omitted if not present)picture—Tailscale-User-Profile-Pic(omitted if not present)
Configuration
Configure under plugins.datasette-auth-tailscale in datasette.yaml:
plugins:
datasette-auth-tailscale:
require_tailscale: true
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file datasette_auth_tailscale-0.0.1a1.tar.gz.
File metadata
- Download URL: datasette_auth_tailscale-0.0.1a1.tar.gz
- Upload date:
- Size: 8.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.11 {"installer":{"name":"uv","version":"0.11.11","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
58914b19e1f747327578fb7ea5219ab573c38ab760440bf16792bd0a56d778a6
|
|
| MD5 |
358fb920715cb418e480d4798f03271c
|
|
| BLAKE2b-256 |
0087fccef800408ad13a3aac06cc7ff6045210ece4f440d8c62577eb13161e14
|
File details
Details for the file datasette_auth_tailscale-0.0.1a1-py3-none-any.whl.
File metadata
- Download URL: datasette_auth_tailscale-0.0.1a1-py3-none-any.whl
- Upload date:
- Size: 7.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.11 {"installer":{"name":"uv","version":"0.11.11","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
85042297cd01de8ade6816532b241a361796be086828ec50317cf190a1f6fed2
|
|
| MD5 |
09b6d5d3046ca1cba3ccd762d0d522ec
|
|
| BLAKE2b-256 |
52b7320e492ae6fb8c9250c9ddec04b8ac9549392f02153ca68a622009f19aa2
|
