Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hey there. Sorry for that question, but..
Will Laravel work with a 'manually' (without artisan) generated App_Key, kinda:
$phrase = $_GET('PHRASE'); //user input
$pass = $_GET('PASS'); //user input
$cipher = 'AES-256-CBC';
$appkey = openssl_encrypt($phrase, $cipher, $pass);
to use it in a via setup-script-generated .env-file on a production server?
And, if so, is this key just required in the .env-file or somewhere else also? 😆
Thanks for your support!
its just a random string, only stored in the env file (or in config cache) and used for things like encrypting cookies and session so don't go changing it at odd times because all users will be logged out.
You appear to be over thinking it. What is the benefit of the user providing their own key?
huh.. damn: that was fast! thanks for your answer!!!
erm.. assuming i clone the laravel-app:
if i extract a copied .zip file on a (different) server including an .env-file, it should be the same app key in every clone.
without an .env-file, checking in welcome.blade if .env is set -and if not execute a setup script- i would rather use a unique app key, besides the possibility to let the admin (not user) set up name, db-connection aso...
completely wrong? laravel misunderstood?
extract the zip and run (from script) php artisan key:generate
There is no benefit from the 'owner' having a say in what the key contains. It just needs to be unpredictable.
By the way, you won't get as far as running an http request if the key is missing.
thank you, snapey. will do so!
Please or to participate in this conversation.