Refusing to start due to insecure SECRET_KEY #23598
Replies: 16 comments 25 replies
-
It's because you are using the default secret key in your config. You will have to rotate the secret key using https://superset.apache.org/docs/installation/configuring-superset/#secret_key-rotation and then run "superset db upgrade".
-
After a full install (adding the secret key as required before "superset db upgrade", then "superset fab create-admin", then "superset load_examples", and "superset init"), the install looks to complete, but then an error in the application (did not get this in previous version):
-
I had a prior installation of Superset and have recently pulled the latest. Now I received the "Refusing to start" message; populating a new key allows the app to start but I cannot access any of my prior database connections. All result in the error when running the rotate key command: During handling of the above exception, another exception occurred: Traceback (most recent call last):
-
Please note in 2.1.0 this is now read at
And then simply use the result of that command as the value of the
...or include such variable in the corresponding environment variables file for the Docker CLI or Docker Compose.
-
In my case nothing works. I changed the "SECRET KEY" in the file "superset/config.py" to one created with "openssl rand -base64 42", and below it I wrote "PREVIOUS_SECRET_KEY" with my old "SECRET KEY". I saved and exited. Next I ran a pull and an up: docker-compose -f docker-compose-non-dev.yml pull Once that updated successfully, I ran the migration with an error: I don't understand it and I don't know what to do.
-
openssl rand -base64 42 I have to manually append: to docker/.env-non-dev file then docker compose up
-
@haodengwavely I think your answer has helped me but I don't know for sure because I have a new problem. This error: I have searched for this error in different forums. The forums say to install specific versions of the frameworks (WTForms, cryptography, pyopenssl ...). I have tried but it has not been solved.
-
One important step - need to run
-
Hopefully this helps someone. I had the same issue with the default SECRET_KEY error. I am using docker compose with a Dockerfile. I solved the issue by adding an environment variable to the Dockerfile:
I generated the secret key using openssl as recommended.
-
I did everything the above solutions suggested, but the "Default Key detected ... Refusing to start due to insecure SECRET_KEY" still shows up once I run docker-compose up.
-
Same here, added previous and new secret key and ran "superset re-encrypt-secrets" but service still refuses to start. Edit: I ran "superset re-encrypt-secrets" with "su superset" and get this error now: Edit2: I also tried to add this command to the docker-init and docker-bootstrap.sh but still, refusing to start...
-
Same here, just add export SUPERSET_SECRET_KEY=xxxxxxxxxxxxxx/xxxxxxxxxx because in SECRET_KEY = os.environ.get("SUPERSET_SECRET_KEY") or CHANGE_ME_SECRET_KEY and then do
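An added example, not part of the thread and not Superset's own code: a preflight check that mirrors the `os.environ.get("SUPERSET_SECRET_KEY") or CHANGE_ME_SECRET_KEY` line quoted in the comment above, to show how an unset or empty variable still resolves to the default inside the container. The names `generate_key`, `effective_secret_key`, `preflight` and `MIN_KEY_CHARS` are hypothetical, and the default value is the one quoted elsewhere in this thread.

```python
import base64
import secrets

# Value the thread quotes as the old default; assumed to be what the
# CHANGE_ME_SECRET_KEY constant in the quoted config line holds.
CHANGE_ME_SECRET_KEY = "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET"
MIN_KEY_CHARS = 32  # hypothetical local policy, not a Superset setting


def generate_key(nbytes=42):
    """Same shape as `openssl rand -base64 42`: random bytes, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def effective_secret_key(env):
    """Mirror the quoted line; `or` also defaults when the value is empty."""
    return env.get("SUPERSET_SECRET_KEY") or CHANGE_ME_SECRET_KEY


def preflight(env, previous_key=None):
    """Return a list of problems; an empty list means the key looks usable."""
    problems = []
    raw = env.get("SUPERSET_SECRET_KEY")
    key = effective_secret_key(env)
    if raw is None:
        problems.append("SUPERSET_SECRET_KEY is not set in this environment")
    elif raw == "":
        problems.append("SUPERSET_SECRET_KEY is set but empty")
    if key == CHANGE_ME_SECRET_KEY:
        problems.append("effective SECRET_KEY is the default")
    elif key != key.strip() or key[0] in ('"', "'"):
        problems.append("key has surrounding whitespace or a leading quote")
    elif len(key) < MIN_KEY_CHARS:
        problems.append("key is shorter than %d characters" % MIN_KEY_CHARS)
    if previous_key is not None and previous_key == key:
        problems.append("PREVIOUS_SECRET_KEY equals the current key")
    return problems


if __name__ == "__main__":
    # Constructed sample environments, not taken from the thread.
    samples = {
        "unset": {},
        "empty": {"SUPERSET_SECRET_KEY": ""},
        "quoted": {"SUPERSET_SECRET_KEY": '"%s"' % generate_key()},
        "good": {"SUPERSET_SECRET_KEY": generate_key()},
    }
    for name, env in samples.items():
        print(name, preflight(env) or "ok")
```

Running it with `os.environ` from inside the container, rather than on the host, checks the environment the application actually sees.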
-
I just set it in .env file. And it works for me.
-
This was a real PITA to fix. What I did:
And that worked. Now I assume I need to delete the Previous_Secret_Key before I do a compose down and up again.
-
superset re-encrypt-secrets During handling of the above exception, another exception occurred: Traceback (most recent call last): The above exception was the direct cause of the following exception: Traceback (most recent call last): I am getting this error
-
I have superset installed in kubernetes via helm. Upgraded it via The steps I tried to resolve it:
The last command fails with the same "Invalid decryption key" as the init-db container. I'm pretty sure that CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET is the correct previous value, because when I explicitly set the key to it, the init-db container fails with I don't know if changing superset_config.py would have worked, because in kubernetes it's mounted read-only. But looks like the
-
Why is this startup error happening with the latest release? (Ubuntu 22.04)