What is the required action for a manager node when rotating the swarm unlock-key?

In Docker Swarm mode, the unlock key is used to secure the swarm and enable access to the encrypted data stored in the Raft log. When rotating the swarm unlock key, it is a critical action that needs to be performed to ensure that any sensitive data remains secure after a key change.

The correct action is to run the rotation command on one manager node. In Docker Swarm, there can be multiple manager nodes, but the unlock key only needs to be managed and rotated on a single chosen node at a time. This is because the rotation process involves updating the swarm's current unlock key, and only one manager node initiates this process, which will propagate the changes to the swarm effectively.

Once the unlock key is rotated on one manager node, it ensures that the updated key is synchronized across the swarm, thus maintaining the necessary security across all nodes. Running this operation on all manager nodes simultaneously is unnecessary and could lead to inconsistencies or complications. Therefore, managing the unlock key rotation on just one manager node is both efficient and effective in maintaining the integrity and security of the swarm.