github.com/AliyunContainerService/cli@v0.0.0-20181009023821-814ced4b30d0/docs/reference/commandline/swarm_join_token.md (about) 1 --- 2 title: "swarm join-token" 3 description: "The swarm join-token command description and usage" 4 keywords: "swarm, join-token" 5 --- 6 7 <!-- This file is maintained within the docker/cli GitHub 8 repository at https://github.com/docker/cli/. Make all 9 pull requests against that repo. If you see this file in 10 another repository, consider it read-only there, as it will 11 periodically be overwritten by the definitive file. Pull 12 requests which include edits to this file in other repositories 13 will be rejected. 14 --> 15 16 # swarm join-token 17 18 ```markdown 19 Usage: docker swarm join-token [OPTIONS] (worker|manager) 20 21 Manage join tokens 22 23 Options: 24 --help Print usage 25 -q, --quiet Only display token 26 --rotate Rotate join token 27 ``` 28 29 ## Description 30 31 Join tokens are secrets that allow a node to join the swarm. There are two 32 different join tokens available, one for the worker role and one for the manager 33 role. You pass the token using the `--token` flag when you run 34 [swarm join](swarm_join.md). Nodes use the join token only when they join the 35 swarm. 36 37 ## Examples 38 39 You can view or rotate the join tokens using `swarm join-token`. 40 41 As a convenience, you can pass `worker` or `manager` as an argument to 42 `join-token` to print the full `docker swarm join` command to join a new node to 43 the swarm: 44 45 ```bash 46 $ docker swarm join-token worker 47 To add a worker to this swarm, run the following command: 48 49 docker swarm join \ 50 --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ 51 172.17.0.2:2377 52 53 $ docker swarm join-token manager 54 To add a manager to this swarm, run the following command: 55 56 docker swarm join \ 57 --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \ 58 172.17.0.2:2377 59 ``` 60 61 Use the `--rotate` flag to generate a new join token for the specified role: 62 63 ```bash 64 $ docker swarm join-token --rotate worker 65 Successfully rotated worker join token. 66 67 To add a worker to this swarm, run the following command: 68 69 docker swarm join \ 70 --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t \ 71 172.17.0.2:2377 72 ``` 73 74 After using `--rotate`, only the new token will be valid for joining with the specified role. 75 76 The `-q` (or `--quiet`) flag only prints the token: 77 78 ```bash 79 $ docker swarm join-token -q worker 80 81 SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t 82 ``` 83 84 ### `--rotate` 85 86 Because tokens allow new nodes to join the swarm, you should keep them secret. 87 Be particularly careful with manager tokens since they allow new manager nodes 88 to join the swarm. A rogue manager has the potential to disrupt the operation of 89 your swarm. 90 91 Rotate your swarm's join token if a token gets checked-in to version control, 92 stolen, or a node is compromised. You may also want to periodically rotate the 93 token to ensure any unknown token leaks do not allow a rogue node to join 94 the swarm. 95 96 To rotate the join token and print the newly generated token, run 97 `docker swarm join-token --rotate` and pass the role: `manager` or `worker`. 98 99 Rotating a join-token means that no new nodes will be able to join the swarm 100 using the old token. Rotation does not affect existing nodes in the swarm 101 because the join token is only used for authorizing new nodes joining the swarm. 102 103 ### `--quiet` 104 105 Only print the token. Do not print a complete command for joining. 106 107 ## Related commands 108 109 * [swarm ca](swarm_ca.md) 110 * [swarm init](swarm_init.md) 111 * [swarm join](swarm_join.md) 112 * [swarm leave](swarm_leave.md) 113 * [swarm unlock](swarm_unlock.md) 114 * [swarm unlock-key](swarm_unlock_key.md) 115 * [swarm update](swarm_update.md)