Best Practices - App Key between Dev and Production?
I'm working on developing an application that requires encrypting a few fields containing personal data. It isn't live yet, so I'm doing some tests on both the production and dev server (Homestead) to make sure everything is working properly in both places.
At one point I need to decrypt the data to see if they've registered before. If I have existing orders from my dev server, they can't be decrypted since the App Key is different.
For a fairly small project, would you make the App Key the same on both dev and production? Or would you set up a test database and modify your git settings so that nothing database related is pushed to the production server?
@jthorpe I would have to say it is a matter of choice. Personally, I keep them the same because I do not ever commit my .env to a repository. I add the .env after I have deployed to production but before the site is live. Why complicate things when it isn't necessary? I'm sure some others will chime in as well.
Never commit it to your repository and try not to put anything private in the config files. As for your question, I would keep the key the same locally if it's just yourself.
If you are part of a team then you have to question who should be allowed access to production data.
I'm looking at this same issue right now with my first Laravel project. My usual process for going from dev to production (or moving servers in general: stage, dev, etc.) is:
deploy versioned code to production server
sync local configuration files to production
modify files to match environment
seed database
In the case where it was appropriate to have a different APP_KEY, how would you regenerate it? Am I missing any fundamental difference in how Laravel works compared with other PHP projects?
@jthorpe You should have different databases for dev and production which should make this a non-issue. If you want to “make sure everything is working properly in both places” then write tests.