Tailscale — Our Secret Weapon for Clean, Secure Infra at Cubiq.lat
Let’s not sugarcoat it: the classic ways of giving developers access to servers are a special kind of torture.
Open SSH to the internet? Congratulations, you now host the world’s most popular brute-force target.
Roll a traditional VPN? Prepare for endless onboarding sessions, NAT traversal prayers, and the inevitable “it connects but nothing works” ticket.
At Cubiq.lat we decided we’d rather spend our energy building than babysitting network configs. So we brought in Tailscale — and it quietly changed everything.
Our servers now live in a private, encrypted mesh that’s completely invisible from the outside. Authorized team members connect from anywhere (Montevideo cafés, random co-working spaces, actual beaches) as if everything were sitting on localhost. No drama, just smooth.
Why We Actually Like Tailscale (and Keep It Around)
We were chasing three non-negotiables: real security, zero onboarding friction, and the freedom to ship fast without firewall begging rituals.
Tailscale checks every box while making legacy solutions look like museum pieces.
Security That Doesn’t Require Constant Vigilance
Publicly exposed ports are how companies end up in headlines we’d rather not star in.
Tailscale builds a proper Zero Trust overlay (WireGuard underneath, naturally). Every connection is end-to-end encrypted and gated by identity — not IP addresses that can be spoofed, shared, or coffee-shop-rotated.
No public endpoints. No bastion hosts collecting dust and CVEs. Just “you’re in the tailnet → here’s your server.” Attack surface shrinks dramatically. The 2026 peer-relay and workload-identity features only make it cleaner for pipelines and edge workloads.
Developer Happiness We Didn’t Know Was Possible
Remember spending half a day walking a new teammate through VPN profiles, config files, and why their ISP hates them?
We don’t do that anymore.
One binary, one login (Google, GitHub, whatever works), join the tailnet — and suddenly friendly hostnames just work: db-primary, staging-api, rabbitmq-nightmare. No VPN toggle. No split-tunnel roulette. No firewall-rule diplomacy.
NAT traversal is automatic. Multi-cloud is trivial. Dev on spotty 4G in the countryside? Still works.
Onboarding went from “please survive this afternoon” to “welcome, you’re already connected.” People ship faster because they’re not fighting the network.
Control That Actually Stays Manageable
Access rules live as code (GitOps fans, rejoice). Need to limit the intern to staging only? One policy. Someone leaves the company? Revoke in seconds from the dashboard.
Centralized audit logs, role-based permissions, and a single pane of glass mean we actually know who touched what — no more mystery SSH sessions.
The Part Where We Brag (Because It’s Earned)
Tailscale let us:
- Practically eliminate our public attack surface
- Turn developer connectivity into a non-issue
- Get enterprise-grade control without enterprise-grade bureaucracy
In a sea of “secure because it’s complicated” tools, Tailscale stands out by being secure and simple. We’re not sponsored — we’re just fans of anything that stops wasting our time.
If your infra still feels like it’s running on 2010 networking logic, give Tailscale a spin. Join the tailnet, watch the nonsense disappear, and get back to building.
Got questions? Ping us — we love this topic way too much.
Stay sharp, stay invisible.
— The Cubiq.lat crew
