Trying to solve an issue with encryption

[maxacarvalho]

I faced myself with an issue around encrypted values.

For example, let's say I have a production environment that's using one APP_KEY, and then let's say I need to extract a dump from the production the DB and work locally, that's going to fail since the APP_KEY on my local env is different than the one on the production servers.

Also on that, it's advisable to rotate the APP_KEY so, would be possible to use a different encryption method?

Thanks!

[rubenvanassche]

Hi @maxacarvalho,

I think this is more of an issue for the framework then for the package, ultimately we would have a command in Laravel that rotates the key. When the command is running, existing sessions would be re-encrypted with the new key and packages like ours could plugin into this. That would mean to loop over the settings table, decrypt all the values with the old key and encrypt them again with the new key.

I'm not sure if we should build such a feature right now into the package since it can be done in userland.

[maxacarvalho]

Hi @rubenvanassche
Thanks for your reply, that makes total sense.
I believe the best here is to either keep track of the application's encrypted data, and then decrypt/encrypt during the key rotation process. Or to completely override the Laravel's encryption class to use a different method.