App Key?

App Key is used for all encrypted data, like sessions.

.env is the good place for it.

I thought that is what it is used for, so am I correct then in copying it to my Forge installation?

I dont use Forge but it's a server and you need to copy your .env in your installation.

Btw Artisan creates the key in config.app.php, not directly in .env.

I'm using Laravel 5 and that that may have changed recently, as when I run artisan key:generate my .env file was automatically updated :)

Thanks for your help.

You're right, I wasn't with the last commit, it sets directly in all .env and also in config/app.php.

I always copy it over or just creat a new one on Forge directly from CLI

Could some one anwser @Youndivian ? Should old passwords still be working after I change the app key? And one more thing. Should I use the same app key on local env as on the serwer?

App key has nothing to do with hashing passwords, it is used to encrypt sessions.

@akselon @Youndivian Passwords are hashed using bcrypt and do not rely on the app key or anything else so they will work fine (see: \vendor\laravel\framework\src\Illuminate\Hashing\BcryptHasher.php).

As for Forge, log in and navigate to your server and click the icon under Manage. Then choose the tab labeled Environment and click the button labeled Edit Environment. Paste your varables into the overlay and click save. Your changes will be saved as a .env to your project's root. I can't think of any reason to use a different app key, but it is only material to the app that uses it (i.e. prod/dev/etc).

@lindstrom Thanks! @akselon It seems that the issue with passwords is actually from Laravel 4

I feel strongly about it and love finding out more about it. If you could, as you learn more, would you mind adding more information to your blog