Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
SECRET_KEY encrypts database secrets without warning, possibly breaking web interface if changed
See original GitHub issueMake sure these boxes are checked before submitting your issue - thank you!
- I have checked the superset logs for python stacktraces and included it here as text if any
- I have reproduced the issue with at least the latest released version of superset
- I have checked the issue tracker for the same issue and I haven’t found one similar
Superset version
0.20.4
Expected results
Usually, on web apps, app secrets are just used for generating cookies (see secrets.secret_key_base in Rails, SECRET_KEY in Django, or Wordpress security keys and salts), so you can happily use different ones for dev and production environments, or change them if you see fit or any of your configuration files has leaked. The only problem you’ll have is logged users will lose their session, but they can login again.
As Superset configuration doesn’t specify any other use for this secret, the expected result for changing this value would be losing connected sessions.
Actual results
- When accessing to any menu that connects so databases (e.g. a dashboard or a slice), we get a unicode exception, as in issues #2600 or #2966 .
- Then, if you figure out that’s not an Unicode error, but an encryption one, and you want to overwrite/change stored passwords on the Database Sources configuration, you’ll get a similar Unicode error, so, not being able to edit MySQL connections.
- Unless you manually edit the database, removing password blobs from connections, you won’t be able to do it.
Steps to reproduce
- Add a database source and or dashboard
- Change your SECRET_KEY in your config file
- Restart Superset
- Open a slice or dashboard
- EXCEPTION
Recommended fix behaviour
- Docs should WARN about backing up secret key (I can do that if docs are in source)
- Exception should be captured with a more obvious error
- Database Sources configuration menu should be accessible, also capturing the error and showing a message that passwords are not accessible, and allow overwriting that password with a new one that will be encoded with the new secret_key
Issue Analytics
- State:
- Created 6 years ago
- Reactions:6
- Comments:25 (13 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
It seems like there should at least be a warning if the secret key changes. I’d recommend this issue be re-opened so a warning can be added.
In the meantime, here is how I was able to fix this: https://github.com/apache/superset/issues/8538#issuecomment-922061313
Unfortunately, this bug is a time bomb 💣