Encryption and secrets

Communication between swarm nodes is encrypted using Transport Layer Security (TLS). The swarm manager configures itself as a certificate authority when you create the swarm, and the manager generates certificates for each node when they join. Communication between nodes in the swarm is encrypted using mutual TLS.

Mutual TLS means that the nodes can securely communicate and trust each other, as every node has a trusted certificate to identify itself. Nodes are assigned a random ID that is used in the certificate, so the swarm doesn't rely on attributes such as the hostname, which could potentially be faked.

Trusted communication between nodes is the foundation for Docker Secrets in swarm mode. Secrets are stored and encrypted in the Raft log on the managers, and a secret is sent to the worker only if that worker is going to run a container that uses the secret. The secret is always encrypted in transit using mutual TLS. On the worker node, the secret is made available in plain text on a temporary RAM drive that is surfaced to the container as a volume mount. The data is never persisted in plain text.

Windows doesn't have a native RAM drive, so the secrets implementation currently stores the secret data on disk on the worker nodes, with the recommendation that BitLocker is used for the system drive. Secret files are secured with ACLs on the host.

Inside the container, access to secret files is restricted to certain user accounts. The accounts with access can be specified in Linux, but in Windows, there's currently a fixed list. I used secrets in the ASP.NET web application in Chapter 7, Orchestrating Distributed Solutions with Docker Swarm, and you can see there that I configured the IIS application pool to use an account with access.

When containers are stopped, paused, or removed, the secrets that were available to the container are removed from the host. On Windows, where secrets are currently persisted to disk, if the host is forcefully shut down, then secrets are removed when the host restarts.
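The lifecycle described above (secret stored on the manager, delivered only to the worker that runs the task, surfaced as a file, removed with the container) can be walked through on a Windows swarm with the Docker CLI. This is an added example, not code from the book: the secret name `db-connection`, the service name `web` and the image `example/web-app` are chosen for illustration, the connection string is a constructed sample, and it assumes you run it in PowerShell on a swarm manager.

```powershell
# Added example, not from the book. Assumes a Windows swarm manager and
# an image named example/web-app (placeholder) that reads its secret from a file.

# 1. Create the secret on a manager. The value travels to the manager over TLS
#    and is encrypted into the Raft log; the local plaintext file is then deleted.
Set-Content -Path .\db-connection.txt -NoNewline `
  -Value 'Server=db;Database=app;User=app;Password=constructed-sample'
docker secret create db-connection .\db-connection.txt
Remove-Item .\db-connection.txt

# 2. The manager never returns the payload, only metadata about the secret.
docker secret inspect db-connection --format '{{.Spec.Name}} created {{.CreatedAt}}'

# 3. Attach the secret to a service. Only the worker that schedules the task
#    receives it. In Windows containers the file is surfaced under
#    C:\ProgramData\Docker\secrets\<target>.
docker service create --name web `
  --secret source=db-connection,target=db-connection.txt `
  --publish 80:80 `
  example/web-app:latest

# 4. On the worker running the task, look at the file from inside the container.
#    The ACL lists the fixed set of accounts that can read it on Windows.
$containerId = docker ps --quiet --filter 'name=web'
docker exec $containerId powershell -Command `
  'Get-Acl C:\ProgramData\Docker\secrets\db-connection.txt | Format-List Owner, AccessToString'

# 5. Removing the service removes the container, and with it the secret file
#    on the worker host. The secret can then be removed from the swarm.
docker service rm web
docker secret rm db-connection
```

Step 4 has to be run on the node where the task was scheduled; `docker service ps web` on the manager shows which node that is. Steps 1, 2, 3 and 5 are manager operations.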
