Autolock
Despite all of this built-in native security, restarting an older manager or restoring an old backup has the potential to compromise the cluster. Old managers re-joining a swarm automatically decrypt and gain access to the Raft log time-series database, which is a security concern if that manager is no longer trusted. Restoring an old backup can also wipe the current swarm configuration.
To prevent situations like these, Docker allows you to lock a swarm with the Autolock feature. This forces restarted managers to present the cluster unlock key before being admitted back into the cluster.
It’s possible to apply a lock directly to a new swarm by passing the --autolock flag to the docker swarm init command. However, we’ve already built a swarm, so we’ll lock our existing swarm with the docker swarm update command.
Run the following command from a swarm manager.
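As an added example (not part of the original course material), the script below wraps the lock, key-rotation and unlock steps this section describes in small shell functions, and adds a format check on the unlock key before it is fed to a restarted manager. It assumes the docker CLI is on PATH and that it runs on a manager node; the function names, the key-format assumption (the SWMKEY-1- prefix followed by base64) and the sample key in the comments are this example's own, not something the page or Docker defines.

```shell
#!/bin/sh
# Added example, not from the original course: lock an existing swarm,
# capture the unlock key, and unlock a restarted manager.
# Assumes the docker CLI is installed and this runs on a swarm manager.
set -eu

# Check the shape of an unlock key before storing or using it.
# Assumption: keys look like "SWMKEY-1-" plus 43 base64 characters
# (padding optional), e.g. SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8
is_valid_unlock_key() {
    printf '%s' "$1" | grep -Eq '^SWMKEY-1-[A-Za-z0-9+/]{43}=*$'
}

# Turn on autolock for the existing swarm. Docker prints the unlock key
# once; this extracts it so the caller can store it in a secrets manager.
lock_swarm() {
    docker swarm update --autolock=true \
        | grep -Eo 'SWMKEY-1-[A-Za-z0-9+/=]+'
}

# Print the current unlock key (only works from an unlocked manager).
current_unlock_key() {
    docker swarm unlock-key -q
}

# Rotate the unlock key, for example after an operator leaves the team.
rotate_unlock_key() {
    docker swarm unlock-key --rotate -q
}

# Report this node's swarm state; it reads "locked" when a manager has
# restarted and is waiting for the unlock key before rejoining.
local_swarm_state() {
    docker info --format '{{.Swarm.LocalNodeState}}'
}

# Feed the stored key to a restarted manager so it can decrypt its Raft
# store and rejoin. Refuses keys that do not match the expected format.
unlock_manager() {
    key="$1"
    if ! is_valid_unlock_key "$key"; then
        echo "refusing: malformed unlock key" >&2
        return 1
    fi
    printf '%s\n' "$key" | docker swarm unlock
}

# Only run the full sequence when invoked explicitly: sh autolock.sh --run
if [ "${1:-}" = "--run" ]; then
    key=$(lock_swarm)
    echo "store this key securely, it is shown only once: $key"
    echo "local node state: $(local_swarm_state)"
fi
```

The key is the only thing standing between a restarted (or stolen) manager and the decrypted Raft log, so treat it like any other cluster secret: keep it out of shell history and CI logs, and rotate it with rotate_unlock_key whenever someone who held it no longer should.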