mirror of
https://github.com/apache/superset.git
synced 2026-07-08 15:55:33 +00:00
The production hardening guide documented rotation for SUPERSET_SECRET_KEY but not for the other security-critical secrets, so operators following the checklist could leave guest-token/async-query JWT secrets and SMTP/DB credentials un-rotated after a leak. Add an "Appendix C: Secrets Register and Rotation Schedule" enumerating all security-critical secrets with their purpose, leak risk, and rotation cadence, and reference it from the ongoing-maintenance checklist. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>