[I] Rolling the Secret Key in a Kubernetes environment is not working for me. [superset]

Mon, 17 Nov 2025 08:45:04 -0800 


TobSchwa94 opened a new issue, #36139:
URL: https://github.com/apache/superset/issues/36139

   ### Bug description
   
   I originally set up a metadatabase using Docker Compose. In that 
environment, I rolled the key once without any issues.
   Now we are deploying Superset in Kubernetes.
   
   I tried following the documented process for rolling the secret key.
   
   configOverrides:
     my_override: |
       PREVIOUS_SECRET_KEY = 'YOUR_PREVIOUS_SECRET_KEY'
       SECRET_KEY = 'YOUR_OWN_RANDOM_GENERATED_SECRET_KEY'
   init:
     command:
       - /bin/sh
       - -c
       - |
         . {{ .Values.configMountPath }}/superset_bootstrap.sh
         superset re-encrypt-secrets
         . {{ .Values.configMountPath }}/superset_init.sh
   
   When running superset re-encrypt-secrets, no error logs appear.
   However, the init command exits with an error code, stating that the 
decryption key is invalid.
   I also cannot use the application anymore—it shows “invalid decryption key” 
errors. Inside the Superset shell, both the old and new values for SECRET_KEY 
and PREVIOUS_SECRET_KEY are correct.
   
   I also tried skipping the init script and performing the key rotation during 
runtime inside the Superset container. I let Python read the values from the 
environment variables and set them via the console. The Superset shell again 
returns the correct values. But when I access the application, I still get 
“wrong decryption key” errors.
   
   If you need any more information about our setup, please let me know.
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   5.0.0
   
   ### Python version
   
   I don't know
   
   ### Node version
   
   I don't know
   
   ### Browser
   
   Firefox
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [x] I have searched Superset docs and Slack and didn't find a solution to 
my problem.
   - [x] I have searched the GitHub issue tracker and didn't find a similar bug 
report.
   - [x] I have checked Superset's logs for errors and if I found a relevant 
Python stacktrace, I included it here as text in the "additional context" 
section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to