Behind the Scenes at Swarm Security
Swarm join tokens
The only thing that is needed to join new managers and workers to an existing swarm is the relevant join token. For this reason, it’s vital that you keep your join tokens safe. Do not post them on public GitHub repositories or even internal source code repositories that are not restricted.
Every swarm maintains two distinct join tokens:
- One for joining new managers
- One for joining new workers
It’s worth understanding the format of the Swarm join token. Every join token is comprised of 4 distinct fields separated by dashes (-):
PREFIX - VERSION - SWARM ID - TOKEN
The prefix is always SWMTKN. This allows you to pattern-match against it and prevents people from accidentally posting it publicly. The VERSION field indicates the version of the swarm. The SWARM ID field is a hash of the swarm’s certificate. The TOKEN field is the part that determines whether it can join nodes as managers or workers.
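The pattern-matching property described above can be put to work in a pre-commit or log-scrubbing check. The following is an added example, not code from the original text: it finds join tokens in text, splits them into the four fields, and masks the TOKEN field. The character set assumed for each field, the function names, and the sample tokens and address are constructed for illustration.

```python
import re
from typing import NamedTuple

# Assumption: the fields after the prefix contain only digits and lowercase letters.
TOKEN_RE = re.compile(r"\bSWMTKN-(\d+)-([0-9a-z]+)-([0-9a-z]+)\b")


class JoinToken(NamedTuple):
    version: str
    swarm_id: str
    secret: str  # the TOKEN field: decides manager vs. worker


def find_join_tokens(text):
    """Return (line_number, JoinToken) for every join token found in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            hits.append((lineno, JoinToken(*m.groups())))
    return hits


def redact(text):
    """Keep PREFIX-VERSION-SWARM ID for triage, mask the TOKEN field."""
    return TOKEN_RE.sub(
        lambda m: f"SWMTKN-{m.group(1)}-{m.group(2)}-<REDACTED>", text
    )


def same_swarm(a, b):
    """True when two tokens carry the same VERSION and SWARM ID fields."""
    return (a.version, a.swarm_id) == (b.version, b.swarm_id)


# Constructed sample input: the tokens and address are made up, not real values.
SAMPLE = """\
# deploy notes
docker swarm join --token SWMTKN-1-0exampleswarmid0000aaaa-0managersecret0001 10.0.0.1:2377
docker swarm join --token SWMTKN-1-0exampleswarmid0000aaaa-0workersecret00002 10.0.0.1:2377
token format is SWMTKN-<version>-<swarm id>-<token>
"""

if __name__ == "__main__":
    for lineno, tok in find_join_tokens(SAMPLE):
        print(f"line {lineno}: join token for swarm {tok.swarm_id} (v{tok.version})")
    print(redact(SAMPLE))
```

The documentation-style placeholder on the last sample line is not flagged, because the VERSION field must be numeric for the pattern to match.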
As the following shows, the manager and worker join tokens for a given Swarm are identical except for the final
If you suspect that either of your join tokens has been compromised, you can revoke them and issue new ones with a single command. The following example revokes the existing manager join token and issues a new one.