{"slug":"access-crunchy-bridge-privately-using-tailscale","title":"Access Crunchy Bridge privately using Tailscale","tags":["tailscale","access-control"],"agent_summary":"Last validated: Jan 12, 2026","trigger_phrases":[],"runnable":false,"markdown":"\r\n# Access Crunchy Bridge privately using Tailscale\r\n\r\nLast validated: Jan 12, 2026\r\n\r\n[Crunchy Bridge](https://www.crunchydata.com/products/crunchy-bridge) is a managed Postgres service run in major cloud providers such as\r\nAmazon Web Services, Microsoft Azure, and Google Cloud Platform. It is built by the company\r\n[Crunchy Data](https://www.crunchydata.com/). Each Crunchy Bridge instance lives in its own virtual private cloud\r\n(VPC). The Tailscale integration for Crunchy Bridge lets users to connect to their Crunchy Bridge\r\ncluster securely for clouds where there are no VPCs, or directly where VPC peering doesn't make\r\nsense, for example, for testing.\r\n\r\n## [Prerequisites](https://tailscale.com/docs/integrations/crunchy-bridge\\#prerequisites)\r\n\r\nBefore you begin this guide, you'll need a tailnet and a Crunchy Bridge account.\r\n\r\n- For information about creating a tailnet, refer to the [Tailscale quickstart](https://tailscale.com/docs/how-to/quickstart).\r\n\r\n- For information about creating a Crunchy Bridge account, refer to [Crunchy Bridge](https://www.crunchydata.com/products/crunchy-bridge).\r\n\r\n\r\n## [Integration](https://tailscale.com/docs/integrations/crunchy-bridge\\#integration)\r\n\r\nRefer to the full instructions in Crunchy Data's [blog post](https://www.crunchydata.com/blog/crunchy-bridge-with-tailscale) for setting up an\r\nintegration with Tailscale.\r\n\r\nTo use Crunchy Bridge with Tailscale, you'll need to:\r\n\r\n1. Create an [auth key](https://tailscale.com/docs/features/access-control/auth-keys). You need to be an [Owner, Admin, or Network admin](https://tailscale.com/docs/reference/user-roles) of a tailnet to create an auth key.\r\nTo create the key, open the [Keys](https://login.tailscale.com/admin/settings/keys) page in the Tailscale admin console. We\r\nrecommend using a tagged reusable pre-authorized key for this purpose. A [tagged](https://tailscale.com/docs/features/tags) key\r\nrestricts the Crunchy Bridge device's permissions based on the [access control rules](https://tailscale.com/docs/features/access-control)\r\nfor the tag that will apply as soon as the device is provisioned. A reusable key is useful in\r\nretry connection logic, and pre-authorized so that every new instance doesn't need to be authorized.\r\n\r\n**Be very careful with reusable keys!** These can be very dangerous if stolen.\r\nThey're best kept in a key vault product specially designed for the purpose.\r\n\r\n2. In the Crunchy Bridge dashboard for managing your cluster, select **Networking** and then select\r\n**Tailscale**. For **Auth Key**, paste in the auth key that you previously created.\r\n\r\n3. Select **Connect Tailscale**.\r\n\r\n4. Open the [Machines](https://login.tailscale.com/admin/machines) page of the Tailscale admin console. After the connection\r\ninitializes, you should refer to the Crunchy Bridge cluster device in your tailnet. Copy the\r\nTailscale IP address, which is in the form [`100.x.y.z` format](https://tailscale.com/docs/reference/glossary#tailscale-ip-address).\r\n\r\n5. Use the Tailscale IP address when you connect to your Crunchy Bridge cluster. For example, if the\r\nTailscale IP address is `100.100.123.123` and you're using port `5432`:\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n```shell\r\npsql postgres://application:<your-application-id>@100.100.123.123:5432/postgres\r\n```\r\n\r\n\r\n## [Limitations](https://tailscale.com/docs/integrations/crunchy-bridge\\#limitations)\r\n\r\n- Auth keys expire after 90 days.\r\n\r\n![Project Logo](https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed)\r\n\r\nAsk AI\r\n\r\nreCAPTCHA\r\n\r\nRecaptcha requires verification.\r\n\r\nprotected by **reCAPTCHA**\r\n","html":"<h1>Access Crunchy Bridge privately using Tailscale</h1>\n<p>Last validated: Jan 12, 2026</p>\n<p><a href=\"https://www.crunchydata.com/products/crunchy-bridge\">Crunchy Bridge</a> is a managed Postgres service run in major cloud providers such as\r\nAmazon Web Services, Microsoft Azure, and Google Cloud Platform. It is built by the company\r\n<a href=\"https://www.crunchydata.com/\">Crunchy Data</a>. Each Crunchy Bridge instance lives in its own virtual private cloud\r\n(VPC). The Tailscale integration for Crunchy Bridge lets users to connect to their Crunchy Bridge\r\ncluster securely for clouds where there are no VPCs, or directly where VPC peering doesn't make\r\nsense, for example, for testing.</p>\n<h2><a href=\"https://tailscale.com/docs/integrations/crunchy-bridge#prerequisites\">Prerequisites</a></h2>\n<p>Before you begin this guide, you'll need a tailnet and a Crunchy Bridge account.</p>\n<ul>\n<li>\n<p>For information about creating a tailnet, refer to the <a href=\"https://tailscale.com/docs/how-to/quickstart\">Tailscale quickstart</a>.</p>\n</li>\n<li>\n<p>For information about creating a Crunchy Bridge account, refer to <a href=\"https://www.crunchydata.com/products/crunchy-bridge\">Crunchy Bridge</a>.</p>\n</li>\n</ul>\n<h2><a href=\"https://tailscale.com/docs/integrations/crunchy-bridge#integration\">Integration</a></h2>\n<p>Refer to the full instructions in Crunchy Data's <a href=\"https://www.crunchydata.com/blog/crunchy-bridge-with-tailscale\">blog post</a> for setting up an\r\nintegration with Tailscale.</p>\n<p>To use Crunchy Bridge with Tailscale, you'll need to:</p>\n<ol>\n<li>Create an <a href=\"https://tailscale.com/docs/features/access-control/auth-keys\">auth key</a>. You need to be an <a href=\"https://tailscale.com/docs/reference/user-roles\">Owner, Admin, or Network admin</a> of a tailnet to create an auth key.\r\nTo create the key, open the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys</a> page in the Tailscale admin console. We\r\nrecommend using a tagged reusable pre-authorized key for this purpose. A <a href=\"https://tailscale.com/docs/features/tags\">tagged</a> key\r\nrestricts the Crunchy Bridge device's permissions based on the <a href=\"https://tailscale.com/docs/features/access-control\">access control rules</a>\r\nfor the tag that will apply as soon as the device is provisioned. A reusable key is useful in\r\nretry connection logic, and pre-authorized so that every new instance doesn't need to be authorized.</li>\n</ol>\n<p><strong>Be very careful with reusable keys!</strong> These can be very dangerous if stolen.\r\nThey're best kept in a key vault product specially designed for the purpose.</p>\n<ol start=\"2\">\n<li>\n<p>In the Crunchy Bridge dashboard for managing your cluster, select <strong>Networking</strong> and then select\r\n<strong>Tailscale</strong>. For <strong>Auth Key</strong>, paste in the auth key that you previously created.</p>\n</li>\n<li>\n<p>Select <strong>Connect Tailscale</strong>.</p>\n</li>\n<li>\n<p>Open the <a href=\"https://login.tailscale.com/admin/machines\">Machines</a> page of the Tailscale admin console. After the connection\r\ninitializes, you should refer to the Crunchy Bridge cluster device in your tailnet. Copy the\r\nTailscale IP address, which is in the form <a href=\"https://tailscale.com/docs/reference/glossary#tailscale-ip-address\"><code>100.x.y.z</code> format</a>.</p>\n</li>\n<li>\n<p>Use the Tailscale IP address when you connect to your Crunchy Bridge cluster. For example, if the\r\nTailscale IP address is <code>100.100.123.123</code> and you're using port <code>5432</code>:</p>\n</li>\n</ol>\n<pre><code class=\"language-shell\">psql postgres://application:&#x3C;your-application-id>@100.100.123.123:5432/postgres\n</code></pre>\n<h2><a href=\"https://tailscale.com/docs/integrations/crunchy-bridge#limitations\">Limitations</a></h2>\n<ul>\n<li>Auth keys expire after 90 days.</li>\n</ul>\n<p><img src=\"https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed\" alt=\"Project Logo\"></p>\n<p>Ask AI</p>\n<p>reCAPTCHA</p>\n<p>Recaptcha requires verification.</p>\n<p>protected by <strong>reCAPTCHA</strong></p>\n"}