You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by mi...@apache.org on 2023/12/04 17:09:39 UTC
(superset) 12/16: fix: remove default secret key from helm (#23916)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
commit a5c842c876cd363f3f64b4ef6ae76db87ebca888
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Wed Nov 29 15:48:39 2023 +0000
fix: remove default secret key from helm (#23916)
(cherry picked from commit 6a5a765689ef2d906784c055fe6007d1799eb33d)
---
helm/superset/Chart.yaml | 2 +-
helm/superset/README.md | 8 +++++++-
helm/superset/README.md.gotmpl | 6 ++++++
helm/superset/templates/_helpers.tpl | 1 -
helm/superset/values.yaml | 2 ++
5 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 83f4119791..e03d905e0f 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -29,7 +29,7 @@ maintainers:
- name: craig-rueda
email: craig@craigrueda.com
url: https://github.com/craig-rueda
-version: 0.10.15
+version: 0.11.0
dependencies:
- name: postgresql
version: 12.1.6
diff --git a/helm/superset/README.md b/helm/superset/README.md
index b8d4385008..6510feb2e4 100644
--- a/helm/superset/README.md
+++ b/helm/superset/README.md
@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
# superset
-![Version: 0.10.15](https://img.shields.io/badge/Version-0.10.15-informational?style=flat-square)
+![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square)
Apache Superset is a modern, enterprise-ready business intelligence web application
@@ -40,6 +40,12 @@ helm repo add superset http://apache.github.io/superset/
helm install my-superset superset/superset
```
+Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for
+securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database.
+It should be a long random bytes or str.
+
+On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets`
+
## Requirements
| Repository | Name | Version |
diff --git a/helm/superset/README.md.gotmpl b/helm/superset/README.md.gotmpl
index c17a7e31a7..facb955e31 100644
--- a/helm/superset/README.md.gotmpl
+++ b/helm/superset/README.md.gotmpl
@@ -39,6 +39,12 @@ helm repo add superset http://apache.github.io/superset/
helm install my-superset superset/superset
```
+Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for
+securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database.
+It should be a long random bytes or str.
+
+On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets`
+
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
diff --git a/helm/superset/templates/_helpers.tpl b/helm/superset/templates/_helpers.tpl
index b450ec3ef0..02aff2dfc9 100644
--- a/helm/superset/templates/_helpers.tpl
+++ b/helm/superset/templates/_helpers.tpl
@@ -82,7 +82,6 @@ DATA_CACHE_CONFIG = CACHE_CONFIG
SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{env('DB_USER')}:{env('DB_PASS')}@{env('DB_HOST')}:{env('DB_PORT')}/{env('DB_NAME')}"
SQLALCHEMY_TRACK_MODIFICATIONS = True
-SECRET_KEY = env('SECRET_KEY', 'thisISaSECRET_1234')
class CeleryConfig(object):
CELERY_IMPORTS = ('superset.sql_lab', )
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index 7fe7e75412..8669056323 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -93,6 +93,8 @@ extraSecretEnv: {}
# # Google API Keys: https://console.cloud.google.com/apis/credentials
# GOOGLE_KEY: ...
# GOOGLE_SECRET: ...
+ # # Generate your own secret key for encryption. Use openssl rand -base64 42 to generate a good key
+ # SUPERSET_SECRET_KEY: 'CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET'
# -- Extra files to mount on `/app/pythonpath`
extraConfigs: {}