Laravel framework keeps
APP_KEY in the
.env file that is located in the root directory. It is a random string used to encrypt cookies, sessions, and CSRF tokens. Laravel does not use it to hash passwords, so your password wouldn’t be affected if you deleted it.
When we install Laravel through the installer, it generates the app key along with other dependencies. The below command generates a new app key in the .env file,
php artisan key:generate
This command generates a random string and stores it
APP_KEY inside the
.env file. Every time, when we run a Laravel application, it goes to the .env file to take the configuration values. Usually, we have to run this command when we clone a Laravel application because we don’t get the
.env file in the cloned project.
Laravel also provides an option
–show that can be used along with the same command to generate and view the app key. Following is the command,
php artisan key:generate --show
This commands generates and prints the app key into the terminal but does not store them in the .env file. It can be used as well in the
.env file by copy and paste, it depends.
Laravel returns the following error when it gets the wrong app key,
RuntimeException: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. in file larave-project\vendor\laravel\framework\src\Illuminate\Encryption\Encrypter.php on line 43
Usually, Laravel returns this error when it gets the wrong app key which can be fixed by generating a new app key. Also below commands need to run after generating the app key,
php artisan config:clear
This command removes the configuration cache file. Then below command needs to run,
php artisan config:cache
This command creates a configuration cache file that would load the Laravel application fast.