CODEWITHSUNDEEP
phpencryptionlaravel-5.1
mmik
mmik

Reputation: 6021

No supported encrypter found. The cipher and / or key length are invalid

There're lot's of people are having the same issue. However, my question is different here and this is not any duplicate question on StackOverFlow.

My Laravel 5.1 application is running fine on my localhost. However, when I setup it on the production server the first error I'm getting is No supported encrypter found. However, if I run php artisan key:generate then all is fine. But that's what I don't want to do as other people may not have skill with command line interface. So, I replaced 'cipher' => 'AES-256-CBC', to MCRYPT_RIJNDAEL_128 in config/app.php which resolved this. However, I don't know what's the negative way by doing this. Is there any recommendation for me to achieve what I want by doing in a standard way?

Upvotes: 0

Views: 2780

Answers (1)

Tim Lewis
Tim Lewis

Reputation: 29316

The only time php artisan key:generate needs to be manually called is when moving this project to a new environment, such as a development or production server. The reason you have to do this is this is shown the contents of the default .gitignore file:

/vendor
/node_modules
.env

A copy of this project that is pushed to a new environment will not include .env, which has the key APP_KEY=YourRandomKey along with DB_PASSWORD, MAIL_PASSWORD, etc etc. Basically all the stuff you would keep private and allow new environment managers to configure by editing the .env.example file that is pushed.

If you wanted to push these configuration variables with every copy of your project, you can, but I would highly recommend against this.

If you removed .env from the .gitignore file, the .env file would be pushed to your repository and included in any git cloneed projects.

Essentially, every copy of your project would have the same APP_KEY variable, but it would also expose your DB_PASSWORD, along with all other sensitive data found in .env. Basically, there is a way to accomplish the level of security you get with Laravel, but in order to accomplish that, you're throwing that security out the window...

Hopefully that gives some insight.

Upvotes: 2

Related Questions