ipn/store: automatically migrate between plaintext and encrypted state (#16318)

Add a new `--encrypt-state` flag to `cmd/tailscaled`. Based on that flag, migrate the existing state file to/from encrypted format if needed. Updates #15830 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2025-08-21 10:27:30 +00:00 · 2025-06-26 17:09:13 -07:00
parent d2c1ed22c3
commit 6feb3c35cb
24 changed files with 546 additions and 26 deletions
--- a/ipn/store_test.go
+++ b/ipn/store_test.go
@@ -5,6 +5,7 @@ package ipn

 import (
 	"bytes"
+	"iter"
 	"sync"
 	"testing"

@@ -31,6 +32,19 @@ func (s *memStore) WriteState(k StateKey, v []byte) error {
 	return nil
 }

+func (s *memStore) All() iter.Seq2[StateKey, []byte] {
+	return func(yield func(StateKey, []byte) bool) {
+		s.mu.Lock()
+		defer s.mu.Unlock()
+
+		for k, v := range s.m {
+			if !yield(k, v) {
+				break
+			}
+		}
+	}
+}
+
 func TestWriteState(t *testing.T) {
 	var ss StateStore = new(memStore)
 	WriteState(ss, "foo", []byte("bar"))