How to use docker swarm unlock-key command to manage swarm unlock key


Introduction

In this lab, we will explore how to manage the Docker Swarm unlock key using the docker swarm unlock-key command. We will begin by initializing a Docker Swarm and then learn how to view the current unlock key, which is essential for unlocking the Swarm after a restart.

Following that, we will demonstrate how to rotate the swarm unlock key to enhance security. Finally, we will cover how to view only the unlock key using the quiet flag for streamlined output. This lab provides practical steps for managing this critical security feature in your Docker Swarm environment.



View the current swarm unlock key

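In this step, we will learn how to view the current swarm unlock key in a Docker Swarm. When the autolock feature is enabled, the swarm unlock key is required to unlock a manager node after its Docker daemon has been restarted. This is a security measure to prevent unauthorized access to your Swarm.

First, we need to initialize a Docker Swarm with autolock enabled. We will use the docker swarm init command with the --autolock flag. This command will initialize a new Swarm and make the current node a manager node. Without --autolock the Swarm has no unlock key, and docker swarm unlock-key reports an error instead of printing a key.

docker swarm init --autolock

You should see output similar to this, indicating that the Swarm has been initialized (with --autolock, Docker also prints the unlock key and a reminder to store it):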

Swarm initialized: current node (xxxxxxxxxxxx) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 192.168.1.100:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

Now that we have a Swarm initialized, we can view the current swarm unlock key using the docker swarm unlock-key command.

docker swarm unlock-key

This command will output the current swarm unlock key. It will look like a long string of characters.

Swarm unlock key: SWMKEY-1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Keep this key secure, as it is required to unlock your Swarm after a restart.

Rotate the swarm unlock key

In this step, we will learn how to rotate the swarm unlock key. Rotating the unlock key is a good security practice, especially if you suspect the current key may have been compromised.

To rotate the swarm unlock key, we use the docker swarm unlock-key --rotate command. This command will generate a new unlock key and replace the current one.

docker swarm unlock-key --rotate

After running the command, you will see output similar to this, showing the new unlock key:

Swarm unlock key: SWMKEY-1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

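Note that the new key is different from the key you saw in the previous step. The old key is now invalid and cannot be used to unlock the Swarm. Make sure to store the new key securely. In a swarm with several managers, keep a record of the old key for a few minutes as well, because a manager that goes down before it receives the new key may still need the old one to unlock.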

View the rotated swarm unlock key

In this step, we will verify that the swarm unlock key has been successfully rotated by viewing the current unlock key again.

We will use the same command as in the first step: docker swarm unlock-key.

docker swarm unlock-key

The output of this command should now show the new unlock key that was generated in the previous step when you rotated the key.

Swarm unlock key: SWMKEY-1-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

Compare this key to the one you saw in Step 1. They should be different, confirming that the rotation was successful.

View only the swarm unlock key using the quiet flag

In this step, we will learn how to view only the swarm unlock key without any additional output. This can be useful if you want to script the retrieval of the unlock key.

To view only the unlock key, we can use the --quiet or -q flag with the docker swarm unlock-key command.

docker swarm unlock-key --quiet

This command will output only the swarm unlock key itself, without the "Swarm unlock key:" prefix.

SWMKEY-1-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

This is the same unlock key you saw in the previous step, but the output is cleaner and easier to parse if you are using it in a script.
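
The scripted retrieval this step mentions, combined with the rotation from the earlier step, as an added example that is not part of the original lab: the functions capture the key with --quiet, reject anything that does not look like a key, and store it with owner-only permissions. It assumes autolock is enabled; the function names, the destination path and the accepted character set are assumptions of this example.

```sh
#!/bin/sh
# Added example: fetch the Swarm unlock key with --quiet and keep it in a
# file only the current user can read. Destination paths are hypothetical.

# True only for a single token with the SWMKEY-1- prefix shown in the lab.
# Assumption: the rest of the key uses base64-style characters.
is_unlock_key() {
    case "$1" in
        *[!A-Za-z0-9+/=_-]*) return 1 ;;  # whitespace, labels, error text
        SWMKEY-1-?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write the current key to "$1". The key is passed through a variable and
# the printf builtin, never as a program argument, so it stays out of `ps`.
save_unlock_key() {
    dest=$1
    key=$(docker swarm unlock-key --quiet) || return 1
    is_unlock_key "$key" || { echo "unexpected unlock-key output" >&2; return 1; }
    (
        umask 077                              # owner-only permissions
        tmp=$(mktemp "$dest.XXXXXX") || exit 1
        printf '%s\n' "$key" > "$tmp" && mv "$tmp" "$dest"  # atomic replace
    )
}

# Rotate the key. The previous key file is kept as "$1.old" so a manager
# that went down before receiving the new key can still be unlocked.
rotate_and_save() {
    dest=$1
    [ ! -f "$dest" ] || cp -p "$dest" "$dest.old" || return 1
    docker swarm unlock-key --rotate --quiet > /dev/null || return 1
    save_unlock_key "$dest"
}

# Usage (hypothetical path): rotate_and_save "$HOME/.swarm-unlock-key"
```

Delete the .old file once every manager has been confirmed to unlock with the new key.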

Summary

In this lab, we learned how to manage the Docker Swarm unlock key. We started by initializing a Swarm and then viewed the current unlock key using the docker swarm unlock-key command. This key is crucial for unlocking the Swarm after a restart.

We then explored how to rotate the swarm unlock key for security purposes using the docker swarm unlock-key --rotate command. Finally, we learned how to view the rotated key and how to display only the key itself using the --quiet flag with the docker swarm unlock-key command.