From 01982552663848378ba6cd6ac27013fe4d65f84b Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby <kristoffer@tailscale.com>
Date: Thu, 19 Jun 2025 11:32:54 +0200
Subject: [PATCH] cmd/tailscale: warn user about nllock key removal without
 resigning

Fixes #19445

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
---
 cmd/tailscale/cli/network-lock.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/cmd/tailscale/cli/network-lock.go b/cmd/tailscale/cli/network-lock.go
index ae1e90bbf..871a931b5 100644
--- a/cmd/tailscale/cli/network-lock.go
+++ b/cmd/tailscale/cli/network-lock.go
@@ -17,12 +17,14 @@ import (
 	"strings"
 	"time"
 
+	"github.com/mattn/go-isatty"
 	"github.com/peterbourgon/ff/v3/ffcli"
 	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/tka"
 	"tailscale.com/tsconst"
 	"tailscale.com/types/key"
 	"tailscale.com/types/tkatype"
+	"tailscale.com/util/prompt"
 )
 
 var netlockCmd = &ffcli.Command{
@@ -369,6 +371,18 @@ func runNetworkLockRemove(ctx context.Context, args []string) error {
 				}
 			}
 		}
+	} else {
+		if isatty.IsTerminal(os.Stdout.Fd()) {
+			fmt.Printf(`Warning
+Removal of a signing key(s) without resigning nodes (--re-sign=false)
+will cause any nodes signed by the the given key(s) to be locked out
+of the Tailscale network. Proceed with caution.
+`)
+			if !prompt.YesNo("Are you sure you want to remove the signing key(s)?") {
+				fmt.Printf("aborting removal of signing key(s)\n")
+				os.Exit(0)
+			}
+		}
 	}
 
 	return localClient.NetworkLockModify(ctx, nil, removeKeys)