SECRET_KEY encrypts database secrets without warning, possibly breaking web interface if changed #3724
Comments
What exception do you get? I think I've already fixed the issue upstream. For the rest feel free to open a PR against doc.
I take a working superset 0.20.4 install, change the secret, then enter a Dashboard, and I get this:
Then, if I enter the
The exception chain looks good, maybe we just have a catch all on the frontend that returns a generic error?
This is happening to me as well, although not after changing the SECRET_KEY. I've upgraded to python 3.4, and now trying to access Sources -> Databases gives me the same error. Perhaps python2 did not store whatever it needs to as utf-8?
Not much we can do about the encryption lib and/or related logic not working across py2/3. Seems like you'll have to re-enter the passwords post migration.
@andor-pierdelacabeza, Can you please add to your description how to do the workaround you mentioned of "removing password blobs from connections"? This way other people affected that bump into this issue report (like me) can easily get out of the menu breakage as well.
It should be easy to add support to look up environment variables for connection string. Let me do a quick PR.
FYI the easiest way is to use
This is also an issue if you switch between debug mode and non-debug mode. Debug mode seems to not load your is there a supported way to change your secret key if this happens?
@czue did you find a solution to this? Getting the same error after changing secret_key.
@czue debug mode should not have anything to do with loading or not loading
@mistercrunch when I add the
The line that goes
What's strange is that the file is in the same directory as I'm running the command in. Should the current directory not always be on the
So mine worked out. After changing the
This is happening with me also.
Agree that logically it should not have anything to do with loading the config file. But in reality, it is affecting the config loading.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue
But when I change the secret_key, I cannot go to Sources > Databases; I also got this error. Can you tell me in more detail?
I got a solution: add a config DB_SECRET_KEY in config.py whose value is the original SECRET_KEY, then use config["DB_SECRET_KEY"] to replace config["SECRET_KEY"] in the superset/models/core.py Database model.
@reesezxf we'd accept a PR that does this
I got this error after upgrade. I followed your instruction, it doesn't work.
Unfortunately, this bug is a time bomb 💣
It seems like there should at least be a warning if the secret key changes. I'd recommend this issue be re-opened so a warning can be added. In the meantime, here is how I was able to fix this: #8538 (comment)
Just got this error. Upgrading superset, got a warning that no EDIT: the warning should point to the documentation instead of suggesting setting a value without warning about database corruption.
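The startup warning asked for in the comments above, combined with the separate DB_SECRET_KEY suggested earlier in the thread, could be implemented along these lines. This is an added example, not code from Superset or from any commenter; the function names, the fingerprint label and the metadata dict (a stand-in for a row in the metadata database) are assumptions.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("secret_key_check")

# Constant label: the stored value is HMAC(key, label), never the key itself.
# Assumes a high-entropy key; a guessable key could be brute-forced offline.
_FINGERPRINT_LABEL = b"db-secret-fingerprint-v1"


def key_fingerprint(key: str) -> str:
    """Return a hex fingerprint that can be stored beside the encrypted data."""
    return hmac.new(key.encode("utf-8"), _FINGERPRINT_LABEL, hashlib.sha256).hexdigest()


def resolve_db_key(config: dict) -> str:
    """Prefer a dedicated DB_SECRET_KEY; fall back to SECRET_KEY if it is unset."""
    return config.get("DB_SECRET_KEY") or config["SECRET_KEY"]


def check_db_key(config: dict, metadata: dict) -> str:
    """Compare the configured key with the fingerprint recorded on first start.

    Returns "initialized", "ok" or "mismatch". `metadata` is a hypothetical
    stand-in for persistent storage in the application's metadata database.
    """
    current = key_fingerprint(resolve_db_key(config))
    stored = metadata.get("db_key_fingerprint")
    if stored is None:
        metadata["db_key_fingerprint"] = current  # first run: record it
        return "initialized"
    if hmac.compare_digest(stored, current):
        return "ok"
    # Do not overwrite the stored fingerprint: the existing ciphertext still
    # belongs to the old key until every secret has been re-entered.
    log.warning("Encryption key changed: stored database passwords can no "
                "longer be decrypted. Restore the old key or re-enter them.")
    return "mismatch"


if __name__ == "__main__":
    state = {}  # constructed sample state
    print(check_db_key({"SECRET_KEY": "old-key"}, state))
    print(check_db_key({"SECRET_KEY": "new-key"}, state))
    # Rotating the session key while pinning the old key for the database:
    print(check_db_key({"SECRET_KEY": "new-key", "DB_SECRET_KEY": "old-key"}, state))
```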
Make sure these boxes are checked before submitting your issue - thank you!
Superset version
0.20.4
Expected results
Usually, on web apps, app secrets are just used for generating cookies (see secrets.secret_key_base in Rails, SECRET_KEY in Django, or Wordpress security keys and salts), so you can happily use different ones for dev and production environments, or change them if you see fit or any of your configuration files has leaked. The only problem you'll have is logged users will lose their session, but they can log in again.
As Superset configuration doesn't specify any other use for this secret, the expected result for changing this value would be losing connected sessions.
Actual results
Steps to reproduce
Recommended fix behaviour