Laravel 5 Application Key

Question

I am new to Laravel. I just started it tonight. Actually, I have the following code:

'key' => env('APP_KEY', 'SomeRandomString'),

In xampp/htdocs/laravel/blog/config/app.php.
I want to change this key to 32-bit by cmd as:

xampp\htdocs\laravel/blog>php artisan key:generate

It generates the key but could not replace/update in xampp/htdocs/laravel/blog/config/app.php.

Do you have the .env file in place? if so, please check if you have a key in there. — Juan Carlos Brown, Nov 13 '15 at 19:42
I added one new answer, just to emphasize on users passwords. — prosti, Feb 22 '17 at 14:04

score 114 · Accepted Answer · answered Nov 13 '15 at 21:00

This line in your app.php, 'key' => env('APP_KEY', 'SomeRandomString'),, is saying that the key for your application can be found in your .env file on the line APP_KEY.

Basically it tells Laravel to look for the key in the .env file first and if there isn't one there then to use 'SomeRandomString'.

When you use the php artisan key:generate it will generate the new key to your .env file and not the app.php file.

As kotapeter said, your .env will be inside your root Laravel directory and may be hidden; xampp/htdocs/laravel/blog

Peter Kota · Answer 2 · 2020-04-05T08:31:52.527

102

You can generate a key by the following command:

php artisan key:generate

The key will be written automatically in your .env file.

APP_KEY=YOUR_GENERATED_KEY

If you want to see your key after generation use --show option

php artisan key:generate --show

Note: The .env is a hidden file in your project folder.

edited Apr 05 '20 at 08:31

answered Nov 13 '15 at 20:14

Peter Kota

8,048
5
25
51

2

line gets updated automatically when run the command if u have the default empty line already APP_KEY = – Andrew Dec 01 '17 at 17:39

score 45 · Answer 3 · edited Jun 28 '19 at 14:13

45

Just as another option if you want to print only the key (doesn't write the .env file) you can use:

php artisan key:generate --show

edited Jun 28 '19 at 14:13

Chuck Le Butt

47,570
62
203
289

answered Nov 17 '16 at 00:17

JohnnyAce

3,569
9
37
59

this should be default? Otherwise when you type php artisan key:generate don't you hose the passwords in your (hopefully development) machine? IE we need php artisan key:generate --write – Tom Andersen Oct 11 '19 at 14:10
1

@TomAndersen No, APP_KEY is only used for encryption (so, by default, cookies), NOT for password hashing. I thought https://tighten.co/blog/app-key-and-you was a nice explanation. – Charles Wood Jan 22 '20 at 14:13

score 1 · Answer 4 · edited Jun 20 '20 at 09:12

1

From the line

'key' => env('APP_KEY', 'SomeRandomString'),

APP_KEY is a global environment variable that is present inside the .env file.

You can replace the application key if you trigger

php artisan key:generate

command. This will always generate the new key.

The output may be like this:

Application key [Idgz1PE3zO9iNc0E3oeH3CHDPX9MzZe3] set successfully.

Application key [base64:uynE8re8ybt2wabaBjqMwQvLczKlDSQJHCepqxmGffE=] set successfully.

Base64 encoding should be the default in Laravel 5.4

Note that when you first create your Laravel application, key:generate is automatically called.

If you change the key be aware that passwords saved with `Hash::make()` will no longer be valid.

edited Jun 20 '20 at 09:12

Community

1
1

answered Feb 22 '17 at 13:39

prosti

42,291
14
186
151

6

"If you change the key be aware that passwords saved with Hash::make() will no longer be valid." - That's something that I thought, too. I also read this quite often on the internet. However, if you have a look at https://github.com/laravel/framework/blob/5.5/src/Illuminate/Hashing/HashServiceProvider.php and https://github.com/laravel/framework/blob/5.5/src/Illuminate/Hashing/BcryptHasher.php and the past versions of this code, the app key is not used to salt the hash or for anything else. I tried changing the app key and, like the code suggests, my password is still checked correctly. – Leif Apr 25 '18 at 09:15
2

Application key is used to encrypt session data, rather than passwords, which is mentioned in the [documentation](https://laravel.com/docs/master/installation#configuration) and in addition, at least from my understanding, it assumes symmetic decryptable encryption. – Sergey Neskhodovskiy Jul 25 '18 at 11:35

score 1 · Answer 5 · edited Mar 23 '19 at 08:47

1

For me the problem was in that I had not yet ran composer update for this new project/fork. The command failed silently, nothing happened.

After running composer update it worked.

edited Mar 23 '19 at 08:47

Udhav Sarvaiya

9,380
13
53
64

answered Apr 30 '17 at 16:54

ux.engineer

10,082
13
67
112

2

You may mean `composer install`. You shouldn't necessarily be running `composer update` immediately on a new fork of a project, unless you actually want to be updating dependencies. – Dan Abrey Oct 21 '19 at 09:00

Laravel 5 Application Key

5 Answers5

If you change the key be aware that passwords saved with `Hash::make()` will no longer be valid.

Linked

Laravel 5 Application Key

5 Answers5

If you change the key be aware that passwords saved with Hash::make() will no longer be valid.

Linked

If you change the key be aware that passwords saved with `Hash::make()` will no longer be valid.