Locking a Swarm

We'll cover the following

Autolock

Despite all of this built-in native security, restarting an older manager or restoring an old backup has the potential to compromise the cluster. Old managers re-joining a swarm automatically decrypt and gain access to the Raft log time-series database — this can pose security concerns. Restoring old backups can also wipe the current swarm configuration.

To prevent situations like these, Docker allows you to lock a swarm with the Autolock feature. This forces restarted managers to present the cluster unlock key before being admitted back into the cluster.

It’s possible to apply a lock directly to a new swarm by passing the --autolock flag to the docker swarm init command. However, we’ve already built a swarm, so we’ll lock our existing swarm with the docker swarm update command.

Run the following command from a swarm manager.

Get hands-on with 1200+ tech skills courses.