*Overview*: Apache Superset Helm chart contained a known default SECRET_KEY. This SECRET_KEY should be configured to a secure unique random value by using `configOverrides.secret.SECRET_KEY` or `extraSecretEnv` if not set the default would be assumed.
A SECRET_KEY is used for securely signing the session cookie and encrypting sensitive data. *Affected Versions* helm chart versions <= 0.10.15 *Recommendations*: Upgrade your helm chart to 0.11.0 or higher, or make sure you have set a unique random SECRET_KEY. Verifying your current SECRET_KEY can be done by accessing one of your Apache Superset instances and on shell execute: ``` $ echo app.config[\"SECRET_KEY\"] | flask shell ``` Best Regards, Daniel Gaspar / Apache Superset PMC
