How Cleric uses tsnet to securely automate software operations

Cleric, a company developing an autonomous AI Site Reliability Engineer (SRE), has utilized Tailscale and the tsnet library to create a secure and efficient connectivity layer that simplifies integration and operation for customers. This approach addresses the challenge of accessing diverse and secure internal tools, databases, and telemetry providers without burdening platform and security teams. Traditional methods like reverse proxies and cloud-native connectivity posed significant trade-offs, such as maintenance complexity and operational bottlenecks. Instead, Cleric employs Tailscale’s WireGuard-based mesh to establish encrypted, peer-to-peer connections, virtualizing customer resources as distinct devices within their architecture. The solution enhances security by avoiding traditional VPN pitfalls, as it only grants access to explicitly configured endpoints, ensuring lateral movement is impossible and making the setup easily auditable. This innovative strategy has streamlined Cleric's operations, significantly reducing time-to-value and allowing the team to focus on advancing autonomous operations.