From 6a5a765689ef2d906784c055fe6007d1799eb33d Mon Sep 17 00:00:00 2001 From: Daniel Vaz Gaspar Date: Wed, 29 Nov 2023 15:48:39 +0000 Subject: [PATCH] fix: remove default secret key from helm (#23916) --- helm/superset/Chart.yaml | 2 +- helm/superset/README.md | 8 +++++++- helm/superset/README.md.gotmpl | 6 ++++++ helm/superset/templates/_helpers.tpl | 1 - helm/superset/values.yaml | 2 ++ 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml index 36d40645df..1f7d974c2b 100644 --- a/helm/superset/Chart.yaml +++ b/helm/superset/Chart.yaml @@ -29,7 +29,7 @@ maintainers: - name: craig-rueda email: craig@craigrueda.com url: https://github.com/craig-rueda -version: 0.10.15 +version: 0.11.0 dependencies: - name: postgresql version: 12.1.6 diff --git a/helm/superset/README.md b/helm/superset/README.md index 1c9bab285e..058ddd615f 100644 --- a/helm/superset/README.md +++ b/helm/superset/README.md @@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs # superset -![Version: 0.10.15](https://img.shields.io/badge/Version-0.10.15-informational?style=flat-square) +![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) Apache Superset is a modern, enterprise-ready business intelligence web application @@ -40,6 +40,12 @@ helm repo add superset http://apache.github.io/superset/ helm install my-superset superset/superset ``` +Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for +securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database. +It should be a long random bytes or str. + +On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets` + ## Requirements | Repository | Name | Version | diff --git a/helm/superset/README.md.gotmpl b/helm/superset/README.md.gotmpl index c17a7e31a7..facb955e31 100644 --- a/helm/superset/README.md.gotmpl +++ b/helm/superset/README.md.gotmpl @@ -39,6 +39,12 @@ helm repo add superset http://apache.github.io/superset/ helm install my-superset superset/superset ``` +Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for +securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database. +It should be a long random bytes or str. + +On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets` + {{ template "chart.requirementsSection" . }} {{ template "chart.valuesSection" . }} diff --git a/helm/superset/templates/_helpers.tpl b/helm/superset/templates/_helpers.tpl index 40b769054e..26d68ce603 100644 --- a/helm/superset/templates/_helpers.tpl +++ b/helm/superset/templates/_helpers.tpl @@ -82,7 +82,6 @@ DATA_CACHE_CONFIG = CACHE_CONFIG SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{env('DB_USER')}:{env('DB_PASS')}@{env('DB_HOST')}:{env('DB_PORT')}/{env('DB_NAME')}" SQLALCHEMY_TRACK_MODIFICATIONS = True -SECRET_KEY = env('SECRET_KEY', 'thisISaSECRET_1234') class CeleryConfig: imports = ("superset.sql_lab", ) diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml index 67f685bf18..a5b70559d1 100644 --- a/helm/superset/values.yaml +++ b/helm/superset/values.yaml @@ -93,6 +93,8 @@ extraSecretEnv: {} # # Google API Keys: https://console.cloud.google.com/apis/credentials # GOOGLE_KEY: ... # GOOGLE_SECRET: ... + # # Generate your own secret key for encryption. Use openssl rand -base64 42 to generate a good key + # SUPERSET_SECRET_KEY: 'CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET' # -- Extra files to mount on `/app/pythonpath` extraConfigs: {}