You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by mi...@apache.org on 2023/12/04 21:05:48 UTC
(superset) 03/15: fix: remove default secret key from helm (#23916)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 93319696ded850302f3c2093cd6a9408a325c042
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Wed Nov 29 15:48:39 2023 +0000
fix: remove default secret key from helm (#23916)
(cherry picked from commit 6a5a765689ef2d906784c055fe6007d1799eb33d)
---
helm/superset/Chart.yaml | 2 +-
helm/superset/README.md | 8 +++++++-
helm/superset/README.md.gotmpl | 6 ++++++
helm/superset/templates/_helpers.tpl | 1 -
helm/superset/values.yaml | 2 ++
5 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 36d40645df..1f7d974c2b 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -29,7 +29,7 @@ maintainers:
- name: craig-rueda
email: craig@craigrueda.com
url: https://github.com/craig-rueda
-version: 0.10.15
+version: 0.11.0
dependencies:
- name: postgresql
version: 12.1.6
diff --git a/helm/superset/README.md b/helm/superset/README.md
index 1c9bab285e..058ddd615f 100644
--- a/helm/superset/README.md
+++ b/helm/superset/README.md
@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
# superset
-
+
Apache Superset is a modern, enterprise-ready business intelligence web application
@@ -40,6 +40,12 @@ helm repo add superset http://apache.github.io/superset/
helm install my-superset superset/superset
```
+Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for
+securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database.
+It should be a long random bytes or str.
+
+On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets`
+
## Requirements
| Repository | Name | Version |
diff --git a/helm/superset/README.md.gotmpl b/helm/superset/README.md.gotmpl
index c17a7e31a7..facb955e31 100644
--- a/helm/superset/README.md.gotmpl
+++ b/helm/superset/README.md.gotmpl
@@ -39,6 +39,12 @@ helm repo add superset http://apache.github.io/superset/
helm install my-superset superset/superset
```
+Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for
+securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database.
+It should be a long random bytes or str.
+
+On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets`
+
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
diff --git a/helm/superset/templates/_helpers.tpl b/helm/superset/templates/_helpers.tpl
index 40b769054e..26d68ce603 100644
--- a/helm/superset/templates/_helpers.tpl
+++ b/helm/superset/templates/_helpers.tpl
@@ -82,7 +82,6 @@ DATA_CACHE_CONFIG = CACHE_CONFIG
SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{env('DB_USER')}:{env('DB_PASS')}@{env('DB_HOST')}:{env('DB_PORT')}/{env('DB_NAME')}"
SQLALCHEMY_TRACK_MODIFICATIONS = True
-SECRET_KEY = env('SECRET_KEY', 'thisISaSECRET_1234')
class CeleryConfig:
imports = ("superset.sql_lab", )
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index 67f685bf18..a5b70559d1 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -93,6 +93,8 @@ extraSecretEnv: {}
# # Google API Keys: https://console.cloud.google.com/apis/credentials
# GOOGLE_KEY: ...
# GOOGLE_SECRET: ...
+ # # Generate your own secret key for encryption. Use openssl rand -base64 42 to generate a good key
+ # SUPERSET_SECRET_KEY: 'CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET'
# -- Extra files to mount on `/app/pythonpath`
extraConfigs: {}