Locking your Docker Swarm

Security is always ground zero, and with Docker it is no different.

By locking your Docker Swarm cluster, you take control of the keys that Docker uses to encrypt the Raft logs on disk and the TLS communication among your nodes.

How to lock a Docker Swarm Cluster?

You can lock either a new cluster or one that is already running.

For greenfield clusters, the following command is all that you need.

docker swarm init --autolock

For already deployed clusters, the command is:

docker swarm update --autolock=true

Both commands print a key that is needed to unlock the cluster after a daemon restart (or any other failure), for example:


Keep this key somewhere secure, like a password manager. When rotating your keys (shown at the end of this article), it's recommended to keep the previous key for a while, in case a manager node fails during rotation.

How to unlock a Docker Swarm Cluster?

If your Docker daemon crashed or was restarted, or if for whatever reason your server needed to be restarted or even replaced, the command to unlock your Docker Swarm is as simple as:

docker swarm unlock

This command will ask you for the generated unlock key. This is the same key that was displayed by the lock commands shown previously.

Disabling the locking protection

You may have your own good reasons to keep your cluster without this lock protection. For that, you must run:

docker swarm update --autolock=false

Rotating the keys

As with any other password, good practice says that you should rotate it periodically. The command is:

docker swarm unlock-key --rotate

Again, it will print a new key that must be kept safe somewhere secure. Always remember to keep the old key for a while, until you are sure that all the Docker Swarm manager nodes have rotated their keys!
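The rotation advice above, written as a small script. This is an added example, not part of the original article: it checks that autolock is on, records the key that is valid now as the "previous" key, then rotates and records the new one. KEY_DIR and the two file names are assumptions; point KEY_DIR at encrypted storage that does not live on the manager's own disk.

```shell
#!/bin/sh
# Added example: rotate the swarm unlock key and retain the previous one.
# KEY_DIR and the file names below are hypothetical, not Docker conventions.

autolock_enabled() {
    # Succeeds only when the cluster spec has manager autolock turned on.
    [ "$(docker info --format '{{.Swarm.Cluster.Spec.EncryptionConfig.AutoLockManagers}}')" = "true" ]
}

save_key() {
    # save_key <file> <key>: write the key readable by its owner only.
    ( umask 077 && printf '%s\n' "$2" > "$1" && chmod 600 "$1" )
}

rotate_unlock_key() {
    key_dir=$1
    [ -d "$key_dir" ] || { echo "missing key dir: $key_dir" >&2; return 2; }
    autolock_enabled || { echo "autolock is off; nothing to rotate" >&2; return 3; }

    # Capture the key that is valid right now before asking for a new one.
    # A manager that was down during rotation may still need it to unlock.
    old_key=$(docker swarm unlock-key -q) || return 4
    [ -n "$old_key" ] || return 4
    save_key "$key_dir/unlock-key.previous" "$old_key" || return 5

    new_key=$(docker swarm unlock-key --rotate -q) || return 6
    # Refuse to record an empty or unchanged value as the current key.
    if [ -z "$new_key" ] || [ "$new_key" = "$old_key" ]; then
        return 6
    fi
    save_key "$key_dir/unlock-key.current" "$new_key" || return 5
}

# Run on a manager node with: KEY_DIR=/path/to/secure/storage sh rotate.sh
if [ -n "${KEY_DIR:-}" ]; then
    rotate_unlock_key "$KEY_DIR"
fi
```

Delete unlock-key.previous only after every manager has been restarted or otherwise confirmed to accept the new key.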

Display the current unlock key

Finally, you can still display the current unlock key from a manager node by running:

docker swarm unlock-key
