rusackas opened a new pull request, #41308: URL: https://github.com/apache/superset/pull/41308
### SUMMARY The production hardening guide documented a rotation schedule for `SUPERSET_SECRET_KEY` but did not cover the other security-critical secrets, so operators following the checklist could rotate only the secret key and leave guest-token / async-query JWT secrets and SMTP/DB credentials un-rotated after a leak. This adds **Appendix C: Secrets Register and Rotation Schedule** to `docs/admin_docs/security/securing_superset.mdx`, enumerating each security-critical secret (`SUPERSET_SECRET_KEY`, `GUEST_TOKEN_JWT_SECRET`, `GLOBAL_ASYNC_QUERIES_JWT_SECRET`, SMTP password, database connection passwords) with its purpose, leak risk, and suggested rotation cadence, and references it from the ongoing-maintenance checklist. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF N/A — documentation only. ### TESTING INSTRUCTIONS Docs-only change. Build/preview the docs site and confirm Appendix C renders in the "Securing Superset" page and the maintenance checklist links to it. ### ADDITIONAL INFORMATION - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
