docs(security): add a secrets register and rotation schedule#41308
Open
rusackas wants to merge 1 commit into
The production hardening guide documented rotation for SUPERSET_SECRET_KEY but not for the other security-critical secrets, so operators following the checklist could leave guest-token/async-query JWT secrets and SMTP/DB credentials un-rotated after a leak. Add an "Appendix C: Secrets Register and Rotation Schedule" enumerating all security-critical secrets with their purpose, leak risk, and rotation cadence, and reference it from the ongoing-maintenance checklist.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
SUMMARY
The production hardening guide documented a rotation schedule for SUPERSET_SECRET_KEY but did not cover the other security-critical secrets, so operators following the checklist could rotate only the secret key and leave guest-token / async-query JWT secrets and SMTP/DB credentials un-rotated after a leak.

This adds Appendix C: Secrets Register and Rotation Schedule to docs/admin_docs/security/securing_superset.mdx, enumerating each security-critical secret (SUPERSET_SECRET_KEY, GUEST_TOKEN_JWT_SECRET, GLOBAL_ASYNC_QUERIES_JWT_SECRET, SMTP password, database connection passwords) with its purpose, leak risk, and suggested rotation cadence, and references it from the ongoing-maintenance checklist.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
N/A — documentation only.
TESTING INSTRUCTIONS
Docs-only change. Build/preview the docs site and confirm Appendix C renders in the "Securing Superset" page and the maintenance checklist links to it.
ADDITIONAL INFORMATION
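The secrets register the PR describes, as an added example that is not part of the PR or of the Superset documentation: a minimal Python register that records purpose, leak risk and rotation cadence per secret and reports which entries are past their rotation date. The five secret names are the ones the summary lists; the purposes, risk notes, cadences and rotation dates are constructed placeholders, not values from the Superset docs.

```python
# Added example: a secrets register with a rotation-schedule check.
# Secret names come from the PR description; every other value below
# (purpose, leak_risk, cadence_days, last_rotated) is a constructed
# placeholder that an operator would replace with their own register.
from dataclasses import dataclass, replace
from datetime import date, timedelta


@dataclass(frozen=True)
class SecretEntry:
    name: str           # configuration key or credential name
    purpose: str        # what the secret protects
    leak_risk: str      # what exposure of the secret would allow
    cadence_days: int   # planned rotation interval (constructed)
    last_rotated: date  # date of the most recent rotation (constructed)

    def next_due(self) -> date:
        """Date by which the secret should be rotated again."""
        return self.last_rotated + timedelta(days=self.cadence_days)

    def is_overdue(self, today: date) -> bool:
        """True once today is strictly past the due date."""
        return today > self.next_due()


# Constructed register covering the secrets named in the PR summary.
REGISTER = [
    SecretEntry("SUPERSET_SECRET_KEY", "session signing / app secret",
                "session forgery", 180, date(2025, 1, 10)),
    SecretEntry("GUEST_TOKEN_JWT_SECRET", "signs embedded guest tokens",
                "token forgery", 90, date(2025, 3, 1)),
    SecretEntry("GLOBAL_ASYNC_QUERIES_JWT_SECRET", "signs async-query JWTs",
                "token forgery", 90, date(2025, 7, 1)),
    SecretEntry("SMTP password", "outbound alert/report mail",
                "mail relay abuse", 180, date(2025, 2, 1)),
    SecretEntry("database connection passwords", "data-source access",
                "direct database access", 90, date(2025, 8, 1)),
]


def overdue_secrets(register, today):
    """Names of secrets past their rotation date, earliest due first."""
    due = [e for e in register if e.is_overdue(today)]
    return [e.name for e in sorted(due, key=SecretEntry.next_due)]


def mark_rotated(register, name, today):
    """Return a new register with `name` recorded as rotated on `today`."""
    return [replace(e, last_rotated=today) if e.name == name else e
            for e in register]
```

Run overdue_secrets(REGISTER, date.today()) from the maintenance checklist step that references Appendix C to see which register entries are due.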