# Secure cluster membership with join secret authentication

To enhance security in multi-cluster environments, WEKA supports join secret authentication in on-premises deployments, which ensures that only authorized backends with the correct secret can join a cluster. This mechanism prevents accidental cross-cluster joins and unauthorized access, maintaining a secure and isolated cluster environment.

{% hint style="info" %}
Join secret authentication is not supported on cloud deployments.
{% endhint %}

## Enable join secret authentication

Join secret authentication is enabled during cluster creation by specifying a secret:

```
weka cluster add --join-secret <join-secret>
```

The `<join-secret>` acts as a shared credential required for all backend containers that need to join the cluster.

## Set join secret for existing clusters

If the cluster was initially created without a join secret, you can assign it post-deployment to each container using:

```
weka cluster container join-secret <container-id> <secret>
```

Replace `<container-id>` with the container’s identifier and with the desired join secret value.

## Add resources to a cluster with join secret

When expanding a cluster with join secret authentication enabled, the following commands must include the correct secret:

* Set up a new container:

```
weka local setup container --join-secret <join-secret>
```

* Join using local resources:

```
weka local resources join-secret <secret>
```

**Related topic**

[Expand specific resources of a container](/operation-guide/expanding-and-shrinking-cluster-resources/expansion-of-specific-resources.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.weka.io/security/secure-cluster-membership-with-join-secret-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.