Docker Enterprise Swarm manager auto-lock key must be rotated periodically.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-235849 | DKER-EE-005070 | SV-235849r627674_rule | Medium |
| Description |
|---|
| Rotate swarm manager auto-lock key periodically. Swarm manager auto-lock key is not automatically rotated. Rotate them periodically as a best practice. By default, keys are not rotated automatically. |
| STIG | Date |
|---|---|
| Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2021-03-26 |
Details
| Check Text ( C-39068r627672_chk ) |
|---|
| Interview the system administrator to identify the key rotation process. Determine if there is a key rotation record and if the keys are rotated at a pre-defined frequency. If the swarm manager auto-lock key is not rotated on a regular basis, this is a finding. |
| Fix Text (F-39031r627673_fix) |
|---|
| Run the below command to rotate the keys. docker swarm unlock-key --rotate Additionally, to facilitate audit for this recommendation, maintain key rotation records and ensure that a pre-defined frequency for key rotation is established. |