I got the concept that when locking docker swarm cluster, it won’t be able automatically pass the TLS & Raft logs keys to the managers for decryption and it needs to be done manually by providing the token.

But doesn’t that defeat the continuity of the cluster if for example after node restart a manual intervention is needed?

Is there a special case where it is deployed or swarm should be locked in production?

Is that a typical case of more security limiting useability?