The word "auth keys" meant nothing to you, I guess: https://tailscale.com/kb/1085/auth-keys

What would be your use-case for auth keys with long expiry times? Auth keys are only required for registering new nodes.

When managing your infrastructure as code, it’s quite common to deploy new instances for upgrades etc. Having these keys expire after 3 months is a big pain. Eg doing a routine update by rebuilding an AMI.

I don’t understand how they can have such a strategy, and then not having any decent way to programmatically allocate new keys.

Yeah, that's a common workflow. It's easy to programatically allocate those keys using the OAuth workflow though – there's even a CLI utility to do it (https://tailscale.com/kb/1215/oauth-clients#get-authkey-util...)

This can all be automated using e.g. the Terraform Tailscale provider, which takes the OAuth id/secret and can then issue keys as needed for the infrastructure you are deploying.