Laravel App Key Rotator
Changing your APP_KEY can be as simple as running php artisan key:generate, but what about your encrypted model data? This is where Laravel App Key Rotator comes in. This package can generate a new app key for you and automatically decrypt and re-encrypt your model data through an artisan command.
It's also generally a good practice to rotate your app keys periodically (e.g. every 6 months) or when certain events happen, such as an employee leaving the company. See more information here: https://tighten.co/blog/app-key-and-you/
Rotating your app keys is as simple as running this artisan command:
php artisan app-key-rotator:rotate
For documentation, please visit: https://randallwilk.dev/docs/laravel-app-key-rotator
You can install the package via composer:
composer require rawilk/laravel-app-key-rotator
You can publish the config file with:
php artisan vendor:publish --provider="Rawilk\AppKeyRotator\AppKeyRotatorServiceProvider" --tag="config"
This is the contents of the published config file:
    return [
        /*
         * This value will be set in the .env file when running the
         * app-key-rotator:rotate command.
         */
        'old_app_key' => env('OLD_APP_KEY'),

        /*
         * List the model classes and the fields that need to be re-encrypted.
         *
         * Example:
         * [
         *     \App\User::class => [
         *         'username',
         *         'date_of_birth',
         *     ],
         * ],
         */
        'models' => [],

        /*
         * When re-encrypting models, this is the chunk size that will be used to help avoid
         * memory limits. Adjust according to your needs.
         */
        'model_chunk_size' => 500,

        /*
         * List any actions here that should be performed when rotating app keys.
         *
         * Each action must implement the \Rawilk\AppKeyRotator\Contracts\RotatorAction interface.
         *
         * Every action receives the package's config and an instance of the AppKeyRotator
         * through the constructor as well.
         */
        'actions' => [
            \Rawilk\AppKeyRotator\Actions\ReEncryptModels::class, # a custom model re-encrypter should extend this class
        ],
    ];
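What re-encrypting one of the configured fields involves, as an added example (not this package's code): the stored value is decrypted with the old key and encrypted again with the new one, without unserializing it, and values already under the new key are skipped so an interrupted run can be repeated. It assumes PHP 8 and illuminate/encryption loaded through Composer's autoloader; encrypterFor and reEncrypt are hypothetical helper names, and the keys and row are constructed sample data.

```php
<?php
// Added example, not the package's own code.
// Assumes PHP 8+ and illuminate/encryption (ships with Laravel) via Composer.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Encryption\Encrypter;

// Laravel stores keys as "base64:<encoded bytes>"; strip the prefix and decode.
function encrypterFor(string $appKey, string $cipher = 'aes-256-cbc'): Encrypter
{
    $raw = str_starts_with($appKey, 'base64:')
        ? base64_decode(substr($appKey, 7), true)
        : $appKey;

    return new Encrypter($raw, $cipher);
}

// Re-encrypt one stored value. decryptString/encryptString pass the plaintext
// through as raw bytes, so serialized and unserialized payloads both survive
// and nothing is unserialized along the way.
function reEncrypt(?string $stored, Encrypter $old, Encrypter $new): ?string
{
    if ($stored === null) {
        return null;                       // nothing to rotate
    }
    try {
        $new->decryptString($stored);
        return $stored;                    // already under the new key
    } catch (DecryptException) {
        // Not readable with the new key: fall through to the old one.
    }
    // Throws DecryptException if neither key can read the value.
    return $new->encryptString($old->decryptString($stored));
}

// Constructed sample keys and row, for demonstration only.
$old = encrypterFor('base64:' . base64_encode(random_bytes(32)));
$new = encrypterFor('base64:' . base64_encode(random_bytes(32)));
$row = ['username' => $old->encryptString('alice'), 'date_of_birth' => null];

foreach ($row as $field => $value) {
    $row[$field] = reEncrypt($value, $old, $new);
}

echo $new->decryptString($row['username']), PHP_EOL;
// Running the same field through again returns it untouched.
var_dump(reEncrypt($row['username'], $old, $new) === $row['username']);
```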
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security related issues, please email firstname.lastname@example.org instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.