Laravel's APP_KEY is crucial for encryption services, including encrypted cookies, session data, and any data encrypted using Laravel's Crypt facade. It must be a 32-byte key encoded in base64 format.
What is Laravel APP_KEY?
The Laravel APP_KEY is used by the framework's encryption services. Laravel uses AES-256-CBC encryption by default, which requires a 32-byte (256-bit) key. The key is stored in base64 format with a 'base64:' prefix for easy configuration.
Key Requirements
- Exactly 32 bytes (256 bits) before base64 encoding
- Must be prefixed with 'base64:'
- Required for Laravel's encryption services
- Essential for secure session and cookie handling
How to Use
Add the generated key to your .env file:
```
APP_KEY=base64:your_generated_key_here
```
Alternatively, use the artisan command:
```bash
php artisan key:generate
```
For programmatic generation:
```php
$key = 'base64:' . base64_encode(random_bytes(32));
```
Best Practices
- Generate a unique key for each environment
- Never share keys between applications
- Back up your production key securely
- Use Laravel's config caching in production
- Rotate keys carefully to avoid data loss
Common Mistakes to Avoid
- Copying APP_KEY between environments
- Not regenerating the key after cloning a project
- Losing the production key (encrypted data becomes unrecoverable)
- Using php artisan key:generate in production without backup
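The key requirements and the copied-key mistake listed above can be checked mechanically before deployment. The following is an added example, not code from the original page or from Laravel; `checkAppKey()` and `findSharedKeys()` are hypothetical helper names and all sample keys are constructed.

```php
<?php
declare(strict_types=1);

// Added example; checkAppKey() and findSharedKeys() are hypothetical helpers,
// not Laravel APIs. All sample keys below are constructed.
function checkAppKey(string $value): array
{
    $value = trim($value, " \t\r\n\"'");          // tolerate quoting in .env files
    if ($value === '') {
        return ['APP_KEY is empty'];
    }
    if (strncmp($value, 'base64:', 7) !== 0) {
        return ["missing 'base64:' prefix"];
    }
    // Strict mode returns false on characters outside the base64 alphabet.
    $raw = base64_decode(substr($value, 7), true);
    if ($raw === false) {
        return ['payload is not valid base64'];
    }
    if (strlen($raw) !== 32) {
        return [sprintf('decoded key is %d bytes, expected 32', strlen($raw))];
    }
    return [];
}

// Group environment names whose keys are identical (a key copied between them).
function findSharedKeys(array $keysByEnv): array
{
    $byKey = [];
    foreach ($keysByEnv as $env => $key) {
        $byKey[hash('sha256', trim($key))][] = $env;  // compare digests, never print keys
    }
    return array_values(array_filter($byKey, fn (array $envs) => count($envs) > 1));
}

$copied  = 'base64:' . base64_encode(random_bytes(32));
$samples = [
    'local'      => $copied,
    'staging'    => $copied,                                      // copied from local
    'production' => 'base64:' . base64_encode(random_bytes(16)),  // only 16 bytes
    'ci'         => 'base64:your_generated_key_here',             // placeholder left in place
];
foreach ($samples as $env => $key) {
    $problems = checkAppKey($key);
    printf("%-11s %s\n", $env, $problems ? implode('; ', $problems) : 'ok');
}
foreach (findSharedKeys($samples) as $envs) {
    printf("shared key: %s\n", implode(', ', $envs));
}
```

The check reports only lengths and environment names, so it can run in CI logs without exposing key material.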