Last updated on February 16, 2023
Laravel framework keeps APP_KEY
in the .env
file that is located in the root directory. It is a random string used to encrypt cookies, sessions, and CSRF tokens. Laravel does not use it to hash passwords, so your password wouldn’t be affected if you deleted it.
When we install Laravel through the installer, it generates the app key along with other dependencies. The below command generates a new app key in the .env file,
php artisan key:generate
This command generates a random string and stores it APP_KEY
inside the .env
file. Every time, when we run a Laravel application, it goes to the .env file to take the configuration values. Usually, we have to run this command when we clone a Laravel application because we don’t get the .env
file in the cloned project.
Laravel also provides an option –show
that can be used along with the same command to generate and view the app key. Following is the command,
php artisan key:generate --show
This commands generates and prints the app key into the terminal but does not store them in the .env file. It can be used as well in the .env
file by copy and paste, it depends.
Laravel returns the following error when it gets the wrong app key,
RuntimeException: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. in file larave-project\vendor\laravel\framework\src\Illuminate\Encryption\Encrypter.php on line 43
Usually, Laravel returns this error when it gets the wrong app key which can be fixed by generating a new app key. Also below commands need to run after generating the app key,
php artisan config:clear
This command removes the configuration cache file. Then below command needs to run,
php artisan config:cache
This command creates a configuration cache file that would load the Laravel application fast.
To generate key in Laravel framework, run php artisan key:generate
command in the terminal that generates key and stores into in .env
file.