When to generate a new Application Key in Laravel?

Solution 1

php artisan key:generate is a command that sets the APP_KEY value in your .env file. By default, this command is run following a composer create-project laravel/laravel command. If you use a version control system like git to manage your project for development, calling git push ... will push a copy of your Laravel project to wherever it is going, but will not include your .env file. Therefore, if someone clones your project using git clone ... they will have to manually enter php artisan key:generate for their app to function correctly.

So, TL;DR: the only time you need to call php artisan key:generate is following a clone of a pre-created Laravel project.

Side note: If you try to run a Laravel project with your APP_KEY set to SomeRandomString (which is the default in your .env.example file), you will actually get an error:

No supported encrypter found. The cipher and / or key length are invalid.
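
An added example, not part of the answer above or of Laravel itself: a shell pre-flight check that a fresh clone can run to catch the key problems behind that error before the app boots. It assumes the cipher is AES-128-CBC or AES-256-CBC (16 or 32 key bytes); the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): pre-flight check of APP_KEY.
# Assumption: the app uses AES-128-CBC (16-byte key) or AES-256-CBC (32-byte key).

# Print the APP_KEY value from an env file; the last assignment wins.
read_app_key() {
  sed -n 's/^APP_KEY=//p' "$1" | tail -n 1 | tr -d '"\r'
}

# Print the decoded key length in bytes, or fail on invalid base64.
app_key_length() {
  case "$1" in
    base64:*)
      printf '%s' "${1#base64:}" | base64 -d >/dev/null 2>&1 || return 1
      printf '%s' "${1#base64:}" | base64 -d | wc -c | tr -d ' ' ;;
    *) printf '%s' "$1" | wc -c | tr -d ' ' ;;
  esac
}

# Print one of: missing | placeholder | bad-base64 | bad-length:N | ok:N
check_app_key() {
  [ -f "$1" ] || { echo "missing"; return 1; }
  cak_key=$(read_app_key "$1")
  [ -n "$cak_key" ] || { echo "missing"; return 1; }
  # The placeholder is 16 characters long, so a length test alone would pass it.
  [ "$cak_key" != "SomeRandomString" ] || { echo "placeholder"; return 1; }
  cak_len=$(app_key_length "$cak_key") || { echo "bad-base64"; return 1; }
  case "$cak_len" in
    16|32) echo "ok:$cak_len" ;;
    *) echo "bad-length:$cak_len"; return 1 ;;
  esac
}

# Demo on constructed sample files (throwaway random key, never reuse it).
demo_dir=$(mktemp -d)
printf 'APP_NAME=Laravel\nAPP_KEY=\n' > "$demo_dir/fresh-clone.env"
printf 'APP_KEY=SomeRandomString\n' > "$demo_dir/example.env"
printf 'APP_KEY=base64:%s\n' "$(head -c 32 /dev/urandom | base64)" > "$demo_dir/generated.env"
for f in fresh-clone example generated; do
  printf '%-12s %s\n' "$f" "$(check_app_key "$demo_dir/$f.env" || true)"
done
rm -rf "$demo_dir"
```

The check prints only the key length, never the key, so its output is safe to keep in CI logs.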

Solution 2

The most important thing to do when cloning a Laravel project is to first run composer update then composer install. The composer install command installs any required dependencies for that Laravel app.

The steps I took to clone a Laravel project required the php artisan key:generate command. I can see in my .env file that there is an updated APP_KEY=base64:xxxxxxxxxxxxxxxxxxxx after running this command.

Author by

code-8

Updated on July 05, 2022

Comments

  • code-8
    code-8 almost 2 years

    Since it automatically sets it for me in my .env file when I create the app, I'm not sure when I should run it.

    In addition to that, if a second developer comes in and clones the app, does he/she need to run php artisan key:generate?

    How do we know exactly when to run php artisan key:generate?

    • johnRivs
      johnRivs almost 5 years
      @tino.codes Incorrect. APP_KEY has nothing to do with hashing. Read more: tighten.co/blog/app-key-and-you
    • tino.codes
      tino.codes almost 5 years
      @johnRivs you're absolutely right. Four years ago I still believed this myth.
  • code-8
    code-8 over 8 years
    Thanks a lot for your explanation. So with that being said, developer A and developer B might have different APP_KEYs. Will that be a problem in the future?
  • Tim Lewis
    Tim Lewis over 8 years
    I don't believe so, but it is entirely possible. That being said, I haven't seen any cases in my year+ of development with Laravel.
  • code-8
    code-8 over 8 years
    That's fair enough for me. One last question: is it okay if Developer B leaves that APP_KEY blank after cloning the project? Is it a big deal to leave that blank?
  • Tim Lewis
    Tim Lewis over 8 years
    I just added a "Side Note" for that question. The answer is no, you will not be able to run the project without a key.
  • code-8
    code-8 over 8 years
    Thank you. You seem to have answered all the doubts that I had about php artisan key:generate
  • Tim Lewis
    Tim Lewis over 8 years
    No problem. Glad I could help!
  • R0b1n
    R0b1n almost 4 years
    What if we commit the .env file?
  • Tim Lewis
    Tim Lewis almost 4 years
    @Maven97 It's not a good idea to commit your .env file (unless you're 100% certain that the information contained within it is secure/you don't mind people seeing keys/passwords, etc), but if you do, then you don't need to call this command.
  • Adam
    Adam almost 4 years
    What is the idea behind that auto-generated key? What's the whole point?
  • Tim Lewis
    Tim Lewis almost 4 years
    @Adam You can see here what the Application Key is used for: laravel.com/docs/7.x/installation (scroll down a little). It's used for session data, encryption, etc etc.
  • Adem Tepe
    Adem Tepe over 3 years
    I want to ask about the opposite situation of the first comment: is it OK if developer A and developer B use the same APP_KEY? Would it be a problem if I put it in the .env.example file?
  • Tim Lewis
    Tim Lewis over 3 years
    @AdemTepe Two developers can use the same APP_KEY, that's fine, and will actually allow sharing data between their two local databases (i.e. if one is corrupted, a restore from the other should work without modification). I'd still advise against putting it in .env.example though, simply for security reasons. An external storage, like AWS Secrets Manager or similar, is a better solution for shared configuration like keys and whatnot.
  • Damilare Koiki
    Damilare Koiki over 2 years
    This worked for me 1) composer update 2) composer install 3) php artisan key:generate It worked, thanks