Docker Swarm Join Token
ID |
docker_swarm_join_token |
Severity |
low |
Vendor |
Docker |
Family |
API Token |
Description
Docker swarm is a container orchestration tool, meaning that it allows the user to manage multiple containers deployed across multiple host machines that have been configured to join together in a cluster. The activities of the cluster are controlled by a swarm manager, and machines that have joined the cluster are referred to as nodes.
In order to join a Swarm as a worker or a manager, a host must provide the corresponding token.
Security
Any hardcoded Docker Swarm Joint Token is a potential secret reported by this detector.
Accidentally checking-in the token to source control repositories could compromise the Docker Swarm cluster.
Examples
docker swarm join --token SWMTKN-1-mq1wr96ugu1hoshwlk68fox2o7nr4lare0lrxys8jgclopz8k1-87b4yza7wftmkslr6wicb45ma 192.168.0.28:2377
Mitigation / Fix
-
Remove the
Tokenfrom the source code or committed configuration file. -
Follow your policy for handling leaked secrets, which typically require revoking the secret in the target system(s). You can rotate the join token using the cli command
docker swarm join-token --rotate manager|worker. Similarly, the unlock key can be rotated withdocker swarm unlock-key --rotate -
If under a git repository, you may remove unwanted files from the repository history using tools like
git filter-repoorBFG Repo-Cleaner. You may follow the procedure listed here for GitHub.
|
You should consider any sensitive data in commits with secrets as compromised. Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories. |