Skip to content

Allow secretKey rotations #618

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Maleware opened this issue Apr 10, 2025 · 1 comment
Open

Allow secretKey rotations #618

Maleware opened this issue Apr 10, 2025 · 1 comment
Labels
type/feature-new

Comments

@Maleware
Copy link
Member

Current Situation

According to superset docs on secretKeys you should be able to rotate keys to encrypt your database and session cookies.

Currently you'd need to manually add PREVIOUS_SECRET_KEY and add the new SECRET_KEY env variable ( while reconciliation paused ) and run superset re-encrypt-secrets on your own in pod. When succeeded, you can unpause reconciliation and add the new SECRET_KEY to your superset_credentials secret.

Proposal

The operator should be able at reconciliation to decide weather to re-encrypt. Ideally, we can automatically rotate this key.
@nightkr
Copy link
Member

nightkr commented Apr 10, 2025

Additionally: we should probably manage the secret key internally in the operator, not ask the user to provide it in their credentials object.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/feature-new
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nightkr @Maleware