Behind the Scenes at Swarm Security
Let's look behind the scenes at some of the security technologies involved in a swarm.
Swarm join tokens
The only thing that is needed to join new managers and workers to an existing swarm is the relevant join token. For this reason, it’s vital that you keep your join tokens safe. Do not post them on public GitHub repositories or even internal source code repositories that are not restricted.
Every swarm maintains two distinct join tokens:
- One for joining new managers
- One for joining new workers
It’s worth understanding the format of the Swarm join token. Every join token is composed of four distinct fields separated by dashes (-):
PREFIX - VERSION - SWARM ID - TOKEN
The prefix is always SWMTKN. This lets tooling pattern-match against it, which helps prevent people from accidentally posting a token publicly. The VERSION field indicates the version of the swarm. The SWARM ID field is a hash of the swarm’s certificate. The TOKEN field is the part that determines whether it can join nodes as managers or workers.
As the following shows, the manager and worker join tokens for a given swarm are identical except for the final TOKEN field.
- MANAGER: SWMTKN-1-1dmtwusdc...r17stb-2axi53zjbs45lqxykaw8p7glz
- WORKER: SWMTKN-1-1dmtwusdc...r17stb-ehp8gltji64jbl45zl6hw738q
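The pattern-matching and field layout described above, as an added example that is not part of the original lesson: a small Python scanner that finds join tokens in text, splits them into their fields, and redacts the final field for reporting. The character class used for the SWARM ID and TOKEN fields and all sample token values are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Assumption: the SWARM ID and TOKEN fields are lowercase alphanumeric strings.
# The lesson only states the SWMTKN prefix and the four dash-separated fields.
TOKEN_RE = re.compile(r"\bSWMTKN-(\d+)-([0-9a-z]+)-([0-9a-z]+)\b")


class JoinToken(NamedTuple):
    version: str
    swarm_id: str
    secret: str  # the final TOKEN field; this is the part to keep out of reports

    def redacted(self) -> str:
        # Keep the non-secret fields so a finding can still be tied to a swarm.
        return f"SWMTKN-{self.version}-{self.swarm_id}-<redacted>"


def find_join_tokens(text: str) -> list[tuple[int, JoinToken]]:
    """Return (line_number, token) for every join token found in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            hits.append((lineno, JoinToken(*m.groups())))
    return hits


def same_swarm(a: JoinToken, b: JoinToken) -> bool:
    """Manager and worker tokens of one swarm differ only in the final field."""
    return (a.version, a.swarm_id) == (b.version, b.swarm_id) and a.secret != b.secret


# Constructed sample: a script someone is about to commit. Token values are made up.
SAMPLE = """\
# bootstrap.sh
docker swarm join --token SWMTKN-1-0exampleswarmid0-0examplemanagersecret0 10.0.0.1:2377
WORKER_TOKEN=SWMTKN-1-0exampleswarmid0-0exampleworkersecret00
echo "SWMTKN is the prefix"   # the prefix alone is not a token
"""

if __name__ == "__main__":
    for lineno, tok in find_join_tokens(SAMPLE):
        print(f"line {lineno}: {tok.redacted()}")
```

Run over staged files in a pre-commit hook or CI job, a non-empty result is a reason to block the commit and rotate the affected token.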
Revoking tokens
If you suspect that either of your join tokens has been compromised, you can revoke them and issue new ones with a single command. The following example revokes the existing manager join token and issues a new one.