fix: Change default SECRET_KEY, improve docs and banner warning (#17984)

* fix: Change default SECRET_KEY, improve docs and banner warning on default * lint * Update superset/initialization/__init__.py Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com> * add a secret migration procedure, update UPDATING * fix lint Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com>
2026-04-07 18:35:15 +00:00 · 2022-01-11 15:13:04 +00:00
parent 7fc6a2f36c
commit 412189fcb7
7 changed files with 173 additions and 7 deletions
--- a/docs/src/pages/docs/installation/configuring.mdx
+++ b/docs/src/pages/docs/installation/configuring.mdx
@@ -21,7 +21,7 @@ SUPERSET_WEBSERVER_PORT = 8088

 # Flask App Builder configuration
 # Your App secret key
-SECRET_KEY = '\2\1thisismyscretkey\1\2\e\y\y\h'
+SECRET_KEY = 'USE_YOUR_OWN_SECURE_RANDOM_KEY'

 # The SQLAlchemy connection string to your database backend
 # This connection defines the path to the database that stores your
@@ -56,7 +56,8 @@ for more information on how to configure it.
 Make sure to change:

 - `SQLALCHEMY_DATABASE_URI`: by default it is stored at ~/.superset/superset.db
- `SECRET_KEY`: to a long random string
+- `SECRET_KEY`: Use a strong complex alphanumeric string and use a tool
+                to help you generate a sufficiently random sequence, ex: openssl rand -base64 42"

 If you need to exempt endpoints from CSRF (e.g. if you are running a custom auth postback endpoint),
 you can add the endpoints to `WTF_CSRF_EXEMPT_LIST`: