docker docker-swarm privacy terraform docker-swarm-mode

Is the docker swarm join token private?

Is there a risk in publicly (git / blogs) exposing your swarm token; even if your host machines are not publicly accessible via port :2377?

Example: terraform git repo to provision future worker nodes with the worker token contained in the repo.

Solution

There can be a theoretical risk, since the docker swarm mode documentation mentions:

We recommend that you rotate the join tokens in the following circumstances:

If a token was checked-in by accident into a version control system, group chat or accidentally printed to your logs.

If you suspect a node has been compromised.

If you wish to guarantee that no new nodes can join the swarm.

Additionally, it is a best practice to implement a regular rotation schedule for any secret including swarm join tokens. We recommend that you rotate your tokens at least every 6 months.

Running a local kibana in a container
Enable debugging of postgresql functions on database inside a docker container using pgAdmin
GDB Error: Unable to Fetch SVE/SSVE Vector Length ("Invalid Argument") on Docker - Ubuntu - Apple M4
Docker runs PostgreSQL in "trust" mode
Start up script fails with error "-e: invalid option", what is missing?
At least one invalid signature was encountered
How to combine a Nginx and a NodeJS Docker container
Keycloak 9.0.2 : missing script mapper
Error in anyjson setup command: use_2to3 is invalid
How to copy multi-arch docker images to a different container registry?
Can storing an API-key in .env file for a containerized Python app be considered safe?
Can Windows containers be hosted on Linux?
Creating/generating files in a mounted volume on docker container own to regular user and not to root
exec: "docker-credential-desktop.exe": executable file not found in $PATH
traefik configuration for netdata on docker
How do I make a Docker container start automatically on system boot?
windows run docker with --network=host and access with 127.0.0.1
Quarkus dev postgresql container not shutting down with quarkus
Permission issue with PostgreSQL in docker container
Enviroment variable with brackets in Linux?
Starting application development using Docker or configuring Docker during development?
Installing gcc13 and g++13 in Debian bookworm rust docker image
Conditional COPY/ADD in Dockerfile?
nginx - php-fpm - azure container app returns truncated pages
What are Docker COPY's rules about symlinks / how can I preserve symlinks?
HTTP 500 Error (Axios, React/Laravel, WSL2, Docker)
Jenkinsfile Throws docker: not found in Jenkins Running on Docker for CI/CD of Spring Boot Project
Prisma openssl version issue
AWS ECS agent won't start
Docker PHP alpine can't configure Apache to use PHP