docs: add more warnings for default secrets and docker-compose (#27921)

Co-authored-by: Sam Firke <sfirke@users.noreply.github.com>

docker-compose-image-tag.yml

@@ -14,6 +14,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+
+# -----------------------------------------------------------------------
+# We don't support docker-compose for production environments.
+# If you choose to use this type of deployment make sure to
+# create you own docker environment file (docker/.env) with your own
+# unique random secure passwords and SECRET_KEY.
+# -----------------------------------------------------------------------
 x-superset-image: &superset-image apachesuperset.docker.scarf.sh/apache/superset:${TAG:-latest}
 x-superset-depends-on: &superset-depends-on
   - db

docker-compose-non-dev.yml

@@ -14,6 +14,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+
+# -----------------------------------------------------------------------
+# We don't support docker-compose for production environments.
+# If you choose to use this type of deployment make sure to
+# create you own docker environment file (docker/.env) with your own
+# unique random secure passwords and SECRET_KEY.
+# -----------------------------------------------------------------------
 x-superset-depends-on: &superset-depends-on
   - db
   - redis

docker-compose.yml

@@ -14,6 +14,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+
+# -----------------------------------------------------------------------
+# We don't support docker-compose for production environments.
+# If you choose to use this type of deployment make sure to
+# create you own docker environment file (docker/.env) with your own
+# unique random secure passwords and SECRET_KEY.
+# -----------------------------------------------------------------------
 x-superset-user: &superset-user root
 x-superset-depends-on: &superset-depends-on
   - db

docker/.env

@@ -14,17 +14,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+
+
 COMPOSE_PROJECT_NAME=superset
 
 # database configurations (do not modify)
 DATABASE_DB=superset
 DATABASE_HOST=db
+# Make sure you set this to a unique secure random value on production
 DATABASE_PASSWORD=superset
 DATABASE_USER=superset
 
 EXAMPLES_DB=examples
 EXAMPLES_HOST=db
 EXAMPLES_USER=examples
+# Make sure you set this to a unique secure random value on production
 EXAMPLES_PASSWORD=examples
 EXAMPLES_PORT=5432
 
@@ -34,6 +38,7 @@ DATABASE_PORT=5432
 DATABASE_DIALECT=postgresql
 POSTGRES_DB=superset
 POSTGRES_USER=superset
+# Make sure you set this to a unique secure random value on production
 POSTGRES_PASSWORD=superset
 #MYSQL_DATABASE=superset
 #MYSQL_USER=superset
@@ -52,6 +57,7 @@ CYPRESS_CONFIG=false
 SUPERSET_PORT=8088
 MAPBOX_API_KEY=''
 
+# Make sure you set this to a unique secure random value on production
 SUPERSET_SECRET_KEY=TEST_NON_DEV_SECRET
 
 ENABLE_PLAYWRIGHT=false

docs/docs/installation/configuring-superset.mdx

@@ -99,6 +99,10 @@ SECRET_KEY = 'YOUR_OWN_RANDOM_GENERATED_SECRET_KEY'
 
 You can generate a strong secure key with `openssl rand -base64 42`.
 
+:::caution Your secret key will be used for securely signing session cookies
+and encrypting sensitive information stored in Superset's application metadata database.
+  Make sure you are changing this key for your deployment with a strong key.
+
 #### Rotating to a newer SECRET_KEY
 
 If you wish to change your existing SECRET_KEY, add the existing SECRET_KEY to your `superset_config.py` file as