From Tailnet to platform (Changelog Interviews #679)

9 snips

Mar 11, 2026

David Carney, co-founder and Chief Strategy Officer at Tailscale, explains next‑gen platform work. He covers TSIDP for clickless OIDC logins, TSNet apps that make services appear as network nodes, multi‑tailnets for isolation, and Aperture, a private AI gateway for API key management, observability, and securing agent calls.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

TSNet Turns Apps Into Network Nodes

TSNet is a Go user-space networking stack that lets you embed Tailscale identity and connectivity into applications so they appear as nodes on a tailnet.
Aperture itself is a TSNet app, meaning any TSNet binary gets an IP, ACLs, and policy like a device.

ADVICE

Put API Keys Behind A Private Gateway

Consolidate API keys inside a private AI gateway so individual developers and agents never hold raw provider keys.
Carney describes routing all coding-agent traffic through Aperture to tie every API call to a Tailscale identity and logs.

INSIGHT

Gateway Unlocks AI Observability And Control

A gateway creates one place for observability, control, and real-time policy over AI usage, including logs, token metrics, and tool-call analysis.
Tailscale already associates identity with traffic, so Aperture logs per-user model inputs/outputs and groups them into sessions for review.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Adam talks with Tailscale co-founder and Chief Strategy Officer David Carney about where Tailscale is headed next: TSIDP, TSNet, multiple tailnets, and Aperture. They get into clickless auth (via TSIDP), TSNet apps, multiple tailnets for isolation and control, and Aperture, Tailscale’s private AI gateway for API key management, observability, and agent security.

Join the discussion

Changelog++ members save 8 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Augment Code – Adam loves “Auggie” – Augment Code’s CLI that brings Augment’s context engine and powerful AI reasoning anywhere your code goes. From building alongside you in the terminal to any part of your development workflow.
NordLayer – Toggle-ready network security for modern businesses. Get an exclusive offer: up to 22% off NordLayer yearly plans plus 10% on top with the coupon code changelog-10-NORDLAYER. Try it risk-free with a 14-day money-back guarantee at nordlayer.com/thechangelog
Squarespace – Turn your expertise into a business with the all-in-one platform for websites, services, and getting paid. Use code CHANGELOG to save 10% on your first website purchase.
Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes.

Featuring:

David Carney – Website, GitHub, X
Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X

Show Notes:

Send an email to David ~> aperture@tailscale.com

Mentioned in this episode

Something missing or broken? PRs welcome!