Current Situation
According to superset docs on secretKeys you should be able to rotate keys to encrypt your database and session cookies.
Currently you'd need to manually add PREVIOUS_SECRET_KEY and add the new SECRET_KEY env variable ( while reconciliation paused ) and run superset re-encrypt-secrets on your own in pod. When succeeded, you can unpause reconciliation and add the new SECRET_KEY to your superset_credentials secret.
Proposal
The operator should be able at reconciliation to decide weather to re-encrypt. Ideally, we can automatically rotate this key.
Current Situation
According to superset docs on secretKeys you should be able to rotate keys to encrypt your database and session cookies.
Currently you'd need to manually add PREVIOUS_SECRET_KEY and add the new SECRET_KEY env variable ( while reconciliation paused ) and run
superset re-encrypt-secretson your own in pod. When succeeded, you can unpause reconciliation and add the new SECRET_KEY to your superset_credentials secret.Proposal
The operator should be able at reconciliation to decide weather to re-encrypt. Ideally, we can automatically rotate this key.