mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
7342e42fce
The current behavior of `docker swarm init` is to set up a swarm that has no secret for joining, and does not require manual acceptance for workers. Since workers may sometimes receive sensitive data such as pull credentials, it makes sense to harden the defaults. This change makes `docker swarm init` generate a random secret if none is provided, and print it to the terminal. This secret will be needed to join workers or managers to the swarm. In addition to improving access control to the cluster, this setup removes an avenue for denial-of-service attacks, since the secret is necessary to even create an entry in the node list. `docker swarm init --secret ""` will set up a swarm without a secret, matching the old behavior. `docker swarm update --secret ""` removes the automatically generated secret after `docker swarm init`. Closes #23785 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> |
||
---|---|---|
.. | ||
cmd.go | ||
init.go | ||
inspect.go | ||
join.go | ||
leave.go | ||
opts.go | ||
opts_test.go | ||
secret.go | ||
update.go |