APP_KEY is a secret. Here's what it's used for & how you can rotate it

Updated: Jan 26, 2020 — 1 min read · #quick-dip

People often think APP_KEY is used to hash passwords. It isn't. Here's what this key is used for:

Treat APP_KEY as a secret. If you think it has been exposed, you MUST change it. However, make sure you re-encrypt any stored encrypted values. Also understand that there'll be some side effects:

You can override the encrypter in your app to use an old key if it fails to decrypt a value with the new key. That way you can keep your app fully running after rotation until all the values are re-encrypted. Here's how.
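One way to build the fallback described above, as an added example that is not code from the original post or from Laravel itself. The class name `FallbackEncrypter` and the `app.old_key` config entry are assumptions; `Encrypter`, `DecryptException` and the `encrypter` container binding are Laravel's own.

```php
<?php

namespace App\Encryption;

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Encryption\Encrypter;
use Illuminate\Support\Str;

// Hypothetical class (not Laravel's own): encrypts with the current key only,
// decrypts with the current key and falls back to the retired key.
class FallbackEncrypter extends Encrypter
{
    /** @var Encrypter|null Encrypter built from the retired key, if one is set. */
    protected $previous;

    public function __construct($key, $cipher, $previousKey = null)
    {
        parent::__construct(static::parseKey($key), $cipher);

        if (! empty($previousKey)) {
            $this->previous = new Encrypter(static::parseKey($previousKey), $cipher);
        }
    }

    public function decrypt($payload, $unserialize = true)
    {
        try {
            return parent::decrypt($payload, $unserialize);
        } catch (DecryptException $e) {
            if ($this->previous === null) {
                throw $e; // no retired key configured: fail exactly as before
            }

            // Decryption under the new key failed; try the retired key.
            return $this->previous->decrypt($payload, $unserialize);
        }
    }

    // Keys in .env are stored as "base64:<encoded bytes>".
    protected static function parseKey($key)
    {
        return Str::startsWith($key, 'base64:') ? base64_decode(substr($key, 7)) : $key;
    }
}

// In App\Providers\AppServiceProvider::register(); 'app.old_key' is an assumed config entry:
// $this->app->singleton('encrypter', function ($app) {
//     $c = $app['config']['app'];
//     return new \App\Encryption\FallbackEncrypter($c['key'], $c['cipher'], $c['old_key'] ?? null);
// });
```

While the old key is configured, anything encrypted with it still decrypts, so remove it as soon as the stored values have been re-encrypted with the new key.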

By Mohamed Said

Hello! I'm a full-stack web developer working at Laravel. In this publication, I share everything I know about Laravel's core, packages, and tools.

You can find me on Twitter and Github.
