I’m upgrading from Redash 6 -> 8. Looking at the instructions for the 7.0 upgrade it recommends setting up a REDASH_SECRET_KEY for database setting encryption. I did this, however after the upgrade started getting InvalidToken errors even though my secret key was set during the migration.
It seems during the migration it uses settings.SECRET_KEY (coming from REDASH_COOKIE_SECRET) rather than settings.DATASTORE_SECRET_KEY (which comes from REDASH_SECRET_KEY) so my config has been encrypted with the wrong key.
To work around this, I can set the REDASH_COOKIE_SECRET to match my REDASH_SECRET_KEY during migration, but feel this is pretty nasty upgrade issue.
What happened here is that in v7, settings.SECRET_KEY was reading the value settings.DATABASE_SECRET_KEY is reading now. When we updated the code, we didn’t change the migration
This is another case where upgrading version by version (i.e. v6 -> v7 and then v7 -> v8) could help… maybe we should make it a recommendation in the upgrade docs.
Surely more importantly we should FIX this? There are still people using Redash 5 and earlier who might want to update in future - we have a framework in place so that it should be possible to upgrade across multiple versions and all the migrations will be applied in order. Lets use it!
I’ve just pushed two very simple PRs - one for master, one for the current release branch.
