Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: add more warnings for default secrets and docker-compose #27921

Merged
merged 5 commits into from
Apr 16, 2024
Merged

docs: add more warnings for default secrets and docker-compose #27921

merged 5 commits into from
Apr 16, 2024

Conversation

dpgaspar
Copy link
Member

@dpgaspar dpgaspar commented Apr 5, 2024

SUMMARY

Add more warnings on our default for docker-compose and stress out the importance of having a unique random SECRET_KEY

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@github-actions github-actions bot added the doc Namespace | Anything related to documentation label Apr 5, 2024
sfirke
sfirke approved these changes Apr 5, 2024
View reviewed changes
Copy link
Member

@sfirke sfirke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dpgaspar I left a suggestion to change from quote format to caution format (you can see an example of how that renders on the docker compose install page). And I put a note in there about keeping your key, what do you think about that? People have written in Slack about getting locked out of their Superset instance when they don't know their SECRET_KEY that they randomly generated. Maybe they store it as an env variable and then delete a file or wipe out a VM or something.

docs/docs/installation/configuring-superset.mdx Outdated Show resolved Hide resolved
docs/docs/installation/configuring-superset.mdx Outdated Show resolved Hide resolved
docs/docs/installation/configuring-superset.mdx
@@ -99,6 +99,10 @@ SECRET_KEY = 'YOUR_OWN_RANDOM_GENERATED_SECRET_KEY'

You can generate a strong secure key with `openssl rand -base64 42`.

> Your secret key will be used for securely signing session cookies
and encrypting sensitive information on the database
Make sure you are changing this key for your deployment with a strong key.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Make sure you are changing this key for your deployment with a strong key.
Ensure your deployment uses a strong, unique key.
Store this key securely. Without this key, you will be unable to access your Superset metadata database. That is, you will lose all of your Superset dashboards, charts, etc. :::

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This :::caution block as merged is not closed with a :::, so this page renders everything after like so:

image

The suggestion did have a closing :::, though.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @csummers! I have a PR open now to fix this.

@mistercrunch
Copy link
Member

One thing I was thinking about recently around ENVIRONMENT_TAG_CONFIG and SUPERSET_ENV is we could either force a very visible tag or refuse to start when use a bad combination of things (default SECRET_KEY and "SUPERSET_ENV=production").

Also was thinking that in-your-face, "things you should know" in dev would be useful, notices like "hey we noticed you're on python 3.9 - the supported version is now 3.10, you should upgrade"

@rusackas rusackas merged commit 594e5a5 into apache:master Apr 16, 2024
29 checks passed
@rusackas rusackas deleted the docs/more-secret-key-warnings branch April 16, 2024 23:02
qleroy pushed a commit to qleroy/superset that referenced this pull request Apr 28, 2024
@dpgaspar @sfirke @qleroy
docs: add more warnings for default secrets and docker-compose (apach…
85fe972 
…e#27921)

Co-authored-by: Sam Firke <[email protected]>
jzhao62 pushed a commit to jzhao62/superset that referenced this pull request May 16, 2024
@dpgaspar @sfirke @jzhao62
docs: add more warnings for default secrets and docker-compose (apach…
676cce1 
…e#27921)

Co-authored-by: Sam Firke <[email protected]>
vinothkumar66 pushed a commit to vinothkumar66/superset that referenced this pull request Nov 11, 2024
@dpgaspar @sfirke
docs: add more warnings for default secrets and docker-compose (apach…
fc95464 
…e#27921)

Co-authored-by: Sam Firke <[email protected]>
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 4.1.0 labels Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@csummers csummers csummers left review comments

@sfirke sfirke sfirke approved these changes

@mistercrunch mistercrunch Awaiting requested review from mistercrunch

@rusackas rusackas Awaiting requested review from rusackas

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels doc Namespace | Anything related to documentation size/M 🚢 4.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dpgaspar @mistercrunch @csummers @sfirke @rusackas