Implement Key Expiry

[nikking]

Feature request

Tailscale offers a feature called Key Expiry.

As a security feature, users need to periodically reauthenticate on each of their devices. The default expiration period depends on your domain setting. By default, new domains are set with an expiry period of 180 days.

I'm interested to use Headscale with my org and key expiration is a security requirement.

[FStelzer]

depending on what the time the expiry should be based on you can quite easily do this using the api.
I'm using something similar to:
headscale nodes list -o json | jq '.[] | select(.last_seen.seconds < (now - 86400)) | .id' | xargs -iID headscale nodes expire -i ID

in a cron to automatically expire keys that have not been online for one day (86400s) in this case. Using the jq selector you can filter for all kinds of user info. try "headscale nodes list -o json" to see whats available and might fit your needs.
Not as easy as just a config flag but quite a bit more flexible