The Changelog: Software Development, Open Source

From Tailnet to platform (Interview)

62 snips

Mar 11, 2026

David Carney, Co-founder and Chief Strategy Officer at Tailscale, builds identity-aware networking and TSNet apps and leads the Aperture AI gateway project. He discusses clickless auth with TSIDP, making apps appear as tailnet nodes via TSNet, multi-tailnet isolation for safe workloads, and Aperture for private AI API key control and observability.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

TSNet Turns Apps Into Network Nodes

TSNet is a user-space networking library that makes any Go application appear as a node on your tailnet with an IP and ACLs.
Apps built with TSNet inherit identity, connectivity, and policy, which Aperture uses as a TSNet app.

INSIGHT

Aperture Centralizes AI Keys And Identity

Aperture is a private AI gateway running as a tailnet node that centralizes API keys, logging, and identity for every model request.
By routing agent/model calls through Aperture, every API call is tied to a user identity and becomes auditable and controllable.

ADVICE

Route Agents Through A Central Gateway

To secure AI use, route coding agents through a gateway like Aperture so the gateway holds keys and attaches identity to every request.
This yields single-point observability, faster onboarding, and the ability to revoke or audit usage centrally.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Adam talks with Tailscale co-founder and Chief Strategy Officer David Carney about where Tailscale is headed next: TSIDP, TSNet, multiple tailnets, and Aperture. They get into clickless auth (via TSIDP), TSNet apps, multiple tailnets for isolation and control, and Aperture, Tailscale’s private AI gateway for API key management, observability, and agent security.

Join the discussion

Changelog++ members save 8 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Augment Code – Adam loves “Auggie” – Augment Code’s CLI that brings Augment’s context engine and powerful AI reasoning anywhere your code goes. From building alongside you in the terminal to any part of your development workflow.
NordLayer – Toggle-ready network security for modern businesses. Get an exclusive offer: up to 22% off NordLayer yearly plans plus 10% on top with the coupon code changelog-10-NORDLAYER. Try it risk-free with a 14-day money-back guarantee at nordlayer.com/thechangelog
Squarespace – Turn your expertise into a business with the all-in-one platform for websites, services, and getting paid. Use code CHANGELOG to save 10% on your first website purchase.
Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes.

Featuring:

David Carney – Website, GitHub, X
Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X

Show Notes:

Send an email to David ~> aperture@tailscale.com

Mentioned in this episode

Something missing or broken? PRs welcome!