2

Is there a risk in publicly (git / blogs) exposing your swarm token, even if your host machines are not publicly accessible via port :2377?

Example: Terraform git repo to provision future worker nodes with the worker token contained in the repo.

Jim Angel

1 Answer

2

There can be a theoretical risk, since the Docker swarm mode documentation mentions:

We recommend that you rotate the join tokens in the following circumstances:

  • If a token was checked-in by accident into a version control system, group chat or accidentally printed to your logs.
  • If you suspect a node has been compromised.
  • If you wish to guarantee that no new nodes can join the swarm.

Additionally, it is a best practice to implement a regular rotation schedule for any secret including swarm join tokens. We recommend that you rotate your tokens at least every 6 months.

VonC
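For the Terraform-repo scenario in the question, the following is an added example (not part of the original answer) that checks a repository and its git history for committed join tokens and then rotates the token for a role. The token pattern is an assumption based on the shape Docker prints (`SWMTKN-1-<50 base36 characters>-<25 base36 characters>`); the function names and the script name `audit.sh` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer.
# Assumption: join tokens have the shape SWMTKN-1-<50 base36>-<25 base36>.
SWARM_TOKEN_RE='SWMTKN-1-[0-9a-z]{50}-[0-9a-z]{25}'

# List "file:line" for each token in the working tree. The matched text is
# cut away so the secret is not copied into terminal or CI logs.
find_swarm_tokens() {
    grep -rnIE --exclude-dir=.git -e "$SWARM_TOKEN_RE" "${1:-.}" 2>/dev/null | cut -d: -f1,2
}

# List commits whose diff adds or removes a token. Deleting the line in a
# later commit leaves it readable in history, so this must also come back empty.
find_swarm_tokens_in_history() {
    git -C "${1:-.}" log --all --format='commit %h' -G"$SWARM_TOKEN_RE" 2>/dev/null || true
}

# Return 1 (and say where) if a token is present anywhere in the repository.
audit_repo() {
    hits="$(find_swarm_tokens "${1:-.}"; find_swarm_tokens_in_history "${1:-.}")"
    [ -z "$hits" ] && return 0
    printf 'Swarm join token committed, rotate it:\n%s\n' "$hits"
    return 1
}

# Run on a manager node: invalidates the old token for the given role
# (worker or manager). Nodes that already joined are not affected.
rotate_join_token() {
    docker swarm join-token --rotate --quiet "${1:-worker}" >/dev/null
}

# Usage (hypothetical script name): ./audit.sh --audit /path/to/terraform-repo
if [ "${1:-}" = "--audit" ]; then
    audit_repo "${2:-.}" || echo 'then: rotate_join_token worker'
fi
```

After rotation, provisioning code should fetch the current token from a manager at apply time instead of storing it in the repository.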