Docker Swarm Unlock Key
ID |
docker_swarm_unlock_key |
Severity |
low |
Vendor |
Docker |
Family |
API Token |
Description
Docker swarm is a container orchestration tool, meaning that it allows the user to manage multiple containers deployed across multiple host machines that have been configured to join together in a cluster. The activities of the cluster are controlled by a swarm manager, and machines that have joined the cluster are referred to as nodes.
Swarms can be configured to lock themselves after Manager Docker daemons have been restarted. Unlocking them requires an unlock-key.
Security
Any hardcoded Docker Swarm Unlock Key is a potential secret reported by this detector.
Accidentally checking-in the key to source control repositories could compromise the Docker Swarm cluster.
Mitigation / Fix
-
Remove the
Keyfrom the source code or committed configuration file. -
Follow your policy for handling leaked secrets, which typically require revoking the secret in the target system(s). The unlock key can be rotated with
docker swarm unlock-key --rotate -
If under a git repository, you may remove unwanted files from the repository history using tools like
git filter-repoorBFG Repo-Cleaner. You may follow the procedure listed here for GitHub.
|
You should consider any sensitive data in commits with secrets as compromised. Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories. |