Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I have an issue where user always to be logged out after deployment.
I am using fix APP_KEY and laravel passport package.
Is it because public oauth and private oauth key file stored in storage always being cleared caused the issue?
@crazylife Well, yeah you don't have to reset the public and private key on every deployment. You only need to change them if you think they are compromised.
It could also have something to do with clearing the session, if you save the session in the database for example.m
Oh, thanks. But usually where do we placed the key besides storage? Can i create a same level dir with storage and load the key from there?
The storage directory is perfectly fine to store them. That directory shouldn't be accessible for your users, since only the public directory is.
You can change the path to the keys inside a ServiceProvider by adding the following line
Passport::loadKeysFrom('/var/http/path/to/files');
I would however recommend sticking to the default unless it's a big deal-breaker for you.
i use a master folder to hold things that need to survive from one deployment to another
A symlink is created at deployment to link the current install to the master folder (I deploy to a different folder every time)
You could do the same, decide where to put these secrets and create a symlink
Please or to participate in this conversation.