Behind the Scenes at Swarm Security

Swarm join tokens

The only thing that is needed to join new managers and workers to an existing swarm is the relevant join token. For this reason, it’s vital that you keep your join tokens safe. Do not post them on public GitHub repositories or even internal source code repositories that are not restricted.

Every swarm maintains two distinct join tokens:

• One for joining new managers
• One for joining new workers

It’s worth understanding the format of the Swarm join token. Every join token is comprised of 4 distinct fields separated by dashes (-):

PREFIX - VERSION - SWARM ID - TOKEN

The prefix is always SWMTKN. This allows you to pattern-match against it and prevents people from accidentally posting it publicly. The VERSION field indicates the version of the swarm. The Swarm ID field is a hash of the swarm’s certificate. The TOKEN field is the part that determines whether it can join nodes as managers or workers.

As the following shows, the manager and worker join tokens for a given Swarm are identical except for the final TOKEN field.

• MANAGER: SWMTKN-1-1dmtwusdc...r17stb-2axi53zjbs45lqxykaw8p7glz
• WORKER: SWMTKN-1-1dmtwusdc...r17stb-ehp8gltji64jbl45zl6hw738q

Revoking tokens

If you suspect that either of your join tokens has been compromised, you can revoke them and issue new ones with a single command. The following example revokes the existing manager join token and issues a new one.