Framework: The only supported ciphers are AES-128-CBC and AES-256-CBC

You need to follow our upgrading guide.

and it looks like a Symfony component was removed that handles the decoding.

No?

@GrahamCampbell Thanks but I don't have a 'cipher' key in my config/app.php. I've added it and it works, however I didn't remove it so the upgrade guide is misleading.

In config/app.php I have

'cipher' => 'AES-128-CBC',

In my .env file I have APP_KEY of length 32 characters. I am getting the same error as above.
I also tried php artisan key:generate, which created a new key of length 16 characters, but it still has the same error message.

You likely need to clear the config cache.

Ok sorry.. I think artisan config:clear may have done the trick... it was looking for the wrong env variable in another location, so the key was an empty string. Rookie mistake. Thanks.

run this command

php artisan key:generate

and the clear config cache using

php artisan config:clear

will solve this problem

You should run confg:cache rather than clear.

The problem I encountered is in config/app.php as a default after key:generate this was the result.
'key' => env('32charshere'),

The problem is the key is empty for config and doesn't get registered, that's why the error

change to
'key' => '32charshere',

and works

Try run 'php artisan key:generate' again if you have such an issue.

In my case, the composer do not generate .env file. So i've created it, then execute key:generate and it works!

In my case, I just run the command php artisan config:clear. Thank you!

I get this error if I refresh the page too quickly, otherwise it works fine.

I get this error if I refresh the page too quickly

That's because you forgot to cache the config.

use in command copy .env.example .env because you are missing the .env file. at least it worked for me.
and then use the generate key command.

Steps to solve this problem.

1. Create .env file using this command (copy .env.example .env)
2. Run command (php artisan key:generate)

Hi i m having the error while i running laravel.

RuntimeException in compiled.php line 13231: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.

1. php artisan key:generate
2. the key which is generated, add that to your env file as APP_KEY = [generated_key]

In my own case the following was what worked

1. ensure you have .env file if not rename the .env.example to .env
2. run the command php artisan key:generate

If you get this error and using artisan serve, once you fix the .env issue restart the process

using $_ENV as a default in the event that the .env file hasn't been loaded yet fixed it for me:

'key' => env('APP_KEY', $_ENV['APP_KEY'])

php artisan key:generate

Edit and Delete modal window its come good, but the action it's not working... thank you on advance!

For me, adding a new .env.testing file and running phpunit cause to this error:

RuntimeException: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.

Thank u and it's work!

100% Perfect and has been tested....
On Dec 30, 2016 5:35 AM, "ShareMan" notifications@github.com wrote:

Thank u and it's work!

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/laravel/framework/issues/9080#issuecomment-269756391,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFDnGeBREQu5P-MfZpFq94M596LcWDWcks5rNN5wgaJpZM4E4_iU
.

thank you all 100% working properly

I've finishing another one... I'll contact sonest for you can download and
test... Please make comment con Youtube...
On Jan 11, 2017 12:33 AM, "knuks" notifications@github.com wrote:

thank you all 100% working properly

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/laravel/framework/issues/9080#issuecomment-271782325,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFDnGQz-QmJM73-fQhVq7vs2bg3DAcPmks5rRGmlgaJpZM4E4_iU
.

'key' => env('APP_KEY', $_ENV['APP_KEY'])

That fixed it for me

It all depends on how you copy the key, e.g.

$ php artisan key:generate --show

gives you:

←[33mbase64:RGHTRHHdrg34984jrgg894g45gj5j54igYR6=←[39m

but what you type in as your key is (you leave out some of the starting and ending characters):

mbase64:RGHTRHHdrg34984jrgg894g45gj5j54igYR6

Comment by @mehranrasulian pointed me in the right direction.

Everything worked simply and flawlessly until I created a .env.testing to support a CI pipeline I was working on. I was unaware that this file would be treated specially, but it turns out that the docs say that values in .env.testing will override values in .env when running PHPUnit.

I fixed the error by copying my development key (the whole APP_KEY line from .env) into the .env.testing file and the error went away.

you need to set the .env file : APP_KEY properties set 32 characters

In my case, I have run these two commands and it works fine.
1-
php artisan key:generate

2-
php artisan config:cache

This worked for me:

1. Create .env file in main directory
2. Copy everything from .env.example (https://github.com/laravel/laravel/blob/master/.env.example)
3. Run php artisan key:generate

👍 Thanks for the help guys.

It's pretty disappointing that no attempt is made here to explain why one would want to run artisan key:generate. No attempt is made to explain what this does, why it must be done, or whether the values and/or files it may generate should be the same or different on a dev machine versus a production machine et. al.

Are these values sensitive? Do they affect sessions or other functionality within the framework? What files are changed?

@sneakyimp Application key affects session hashes and "other encrypted data" (as it's said in docs), I think it might be the same as on dev and production, only if it is not exposed anywhere in public. In that case theoretically you will be able to transfer session records between environments and they will match, because the was created (signed) with the same application key.

The need to generate a key (if it's not already generated by installer) listed in the installation section of documentation: https://laravel.com/docs/5.4/installation#configuration

You should run confg:cache rather than clear.

I think you mean config:cache

Following worked for me:

$ cp .env.example .env
$ php artisan key:generate
$ php artisan config:clear
$ php artisan config:cache

I'm on L5.4, and this error pops up every now and then. In fact, it logs it twice on a single request. One refresh later, and all is fine (until the next time). I did try the above steps, but it still happens every now and then.

@GrahamCampbell / @taylorotwell - any ideas why this could be the case? (L5.4.13; Windows 10 x64; PHP 7.0)

can help me? I have this problem too. my command php artisan key:generate create key such as: base64:XOUdt2LMKtb/PMVCOiX7sAvfXJr6ThV7Kd2H7YFmHFk=. I think this don't corect

@BodikSilver If using generate, it should work fine. Do you always get the error, or only every now and then? You might want to enclose it in double-quotes - not sure if that will help, though.

always

sorry, only in this project

before, in another project was key corect such as: gRwe1YT1XRXiS1G0GXRbOZb5sXN91qBQ

may be I need do some settings for create corect key? becouse lenght created key = 43

@BodikSilver Keys have been encoded using base64 for some time now.

so what I must do for resolve this problem?

@BodikSilver Ask here please https://laracasts.com/discuss/channels/laravel

Idon't know how? but after restart my laptop it work

php artisan key:generate worked!

@BodikSilver, I just faced the issue and solved it. Just add a slash to your key after base64: in your key that it looks like that:

APP_KEY=base64:/h4k6fjT8lmQ60lUXpGrPqJzFRBmMllYS2TJRLBEz1c=

hi
my problem is :

pls help me.

@vahidrezaei Your issue is not relevant to this one. Please open a new issue at the Telegram SDK repo.

--to sample project

1. create a new project by the name of command ' laravel new projectname '
2. php artisan key:generate

--to your project

1. copy .env.example .env
2. copy the key from sample project to your project APP_KEY=base64:s73yn+HBscYlSivoHPeNCntMwM8v2WCnrqJI8BUOQSQ=
3. php artisan config:clear
4. php artisan config:cache
5. php artisan key:generate

I think this would be helpful to you.

Same as @mikerockett. The error only occurs every once in a while (I've only seen it in AJAX requests so far).

I have version 5.4.19 (not upgraded from a previous version)
APP_KEY is set in .env (was set during installation)

The strange thing is, the error says "production.ERROR" even though I'm back in local mode. I have tried production mode (with config:cache) but I'm now back to local. I have also done "php artisan config:clear" since.

Piece of the error:

[2017-05-10 09:52:55] production.ERROR: RuntimeException: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. in C:\project\vendor\laravel\framework\src\Illuminate\Encryption\Encrypter.php:43
Stack trace:
#0 C:\project\vendor\laravel\framework\src\Illuminate\Encryption\EncryptionServiceProvider.php(27): Illuminate\Encryption\Encrypter->__construct('', 'AES-256-CBC')
#1 C:\project\vendor\laravel\framework\src\Illuminate\Container\Container.php(716): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}(Object(Illuminate\Foundation\Application), Array)
#2 C:\project\vendor\laravel\framework\src\Illuminate\Container\Container.php(598): Illuminate\Container\Container->build(Object(Closure))

To elaborate my own situation :-)

It seems the .env file is locked during a request and can't be read by a simultanious other request. When the .env file can't be read the default settings (from the config dir) will be used. Hence the "production.ERROR" and the absense of the encryption key.

It seems config:cache solves the problem (since it bypasses the .env file). Haven't tried this though.

I think this functionality should have a big heads up in the laravel documentation. It can lead to strange bugs that occur randomly...

use this command

php artisan key:generate

I have the same problem, even when I run php artisan key:generate it also returned the same error. I fixed this by editing .env file and enter 32 random chars for APP_KEY (I use AES-256-CBC)

I have the same issue @pimski

Under a heavy load of requests, two async ajax requests are made, and during the second request the .env file is locked, so I receive the error only for that request.

To elaborate my own situation :-)

It seems the .env file is locked during a request and can't be read by a simultanious other request. When the .env file can't be read the default settings (from the config dir) will be used. Hence the "production.ERROR" and the absense of the encryption key.

It seems config:cache solves the problem (since it bypasses the .env file). Haven't tried this though.

I think this functionality should have a big heads up in the laravel documentation. It can lead to strange bugs that occur randomly...

I think this should be revised, because it is very common two have parallel requests.

I'm using WAMP on Windows 10, @pimski which OS/Webserver Stack are you using ?

Cache your configuration and don't use env outside your config files. Shouldn't use env in production except from config.

Ok, I see that doing config:cache in a Laravel Application solves the problem, but in a Lumen Application the .env file seems to be the only way:

https://lumen.laravel.com/docs/5.4/configuration

There is no "config caching".. I've even tried to copy the config:cache artisan command, but the cached file has no effect ... Lumen is always trying to access the .env file..

Any ideas ?

I was using 'key' => env('Wd8ixPMi0t89o+bCZHkjQvL8ljkWSLwJLPlhEArWick') instead of
'key' => env('APP_KEY','Wd8ixPMi0t89o+bCZHkjQvL8ljkWSLwJLPlhEArWick'). so using
'key' => env('APP_KEY','Wd8ixPMi0t89o+bCZHkjQvL8ljkWSLwJLPlhEArWick') finished the job for me

Besides this guide demystified my installation process
https://tecadmin.net/install-laravel-framework-on-ubuntu/#

php artisan key:generate then restart php artisan ser

work's fine, Thanks

language: php

php:
  - 5.6

before_script:
  - cp .env.travis .env
  - mysql -e 'create database homestead_test;'
  - composer self-update
  - composer install --no-interaction
  - php artisan migrate
  - php artisan key:generate
  - php artisan config:clear
  - php artisan config:cache

# script:
# - phpunit

config

The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. laravel 5.3

I solve this my cp ./.env /var/www/market

i have the same issue but i try
php artisan key:generate
and resart your php artisan serve
then it works

Three things I've noticed that are bugs in this behaviour and took me a while to work out:

1. php artisan key:generate will say that it has set the application key successfully even if it hasn't.
2. You must have a line APP_KEY= in your .env - key:generate won't add this for you.
3. key:generate will append to, rather than replace, APP_KEY. If you run key:generate multiple times, you'll end up with a long key that doesn't work.

1. run php artisan key:generate if you received
   [ErrorException] file_get_contents(/.env): failed to op en stream: No such file or directory
   You need to rename .env.example to .env in the application root

This is still an issue. Fresh install from yesterday (Laravel 5.4).
I cannot get it to work with the key in .env. It has to be either in config/app.php or the config has to be cached, both no viable solutions.

Edit: I feel a bit dumb now. .env was not readable. Might be good to produce at least a warning when this happens 'Warning: .env exists but cannot be read' or something like that

Hi i changed the value of the 'key' parameter in app.php for the value of the APP_KEY in the .env file like this:
OLD: 'key' =>'env('APP_KEY')'
NEW : 'key' =>'base64:ybs4GNU0vR4bmJVAJx+c82nFIpbJ3cHop4dwcS3QTe*(',

Thats work for me.

@JonMadVal while that technically works, that isnt really a secure solution

one of the reasons that key, along with database/service credentials are in the .env file is that they shouldnt be included in your source control, which by default at least, config files are, .env is not

it would be far better to look into why it failed to read the value from .env, which is likely to either be a file permissions issue, or a caching issue (try running artisan config:clear)

@rs-sliske for sure is not a secure solution but any of the above solutions works for me, i tried changed the permissions file, i executed the config:clear command, re-build the key but does't works.

maybe the weekend i can work on it and looks for the optimal solution.

If you have some idea to tried i'll glad to know it, i'm running laravel fedora.

Thanks

I have the same issue, on Laravel 5.4.*, I am getting:

local.ERROR: exception 'RuntimeException' with message 'The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.'

and

local.ERROR: exception 'PDOException' with message 'SQLSTATE[HY000] [1045] Access denied for user ''@'localhost' (using password: NO)'

Putting APP_KEY and DB_* values directly in config/app.php and config/database.php solved the issue, but I don't think this is the best solution.

I have .env file with permissions 0744 and all variables mentioned above set correctly.

Other than setting values directly in config files, I've tried all solutions suggested above:

php artisan key:generate
php artisan config:clear

with no permanent effect, the error pops up randomly, most with ajax requests (eg. uploading multiple files, where 3 of 4 files are uploaded, the 4th returns one of the errors)

When I try config:cache after key:generate I get:

local.ERROR: exception 'Symfony\Component\Debug\Exception\FatalErrorException' with message 'Cannot redeclare class App\__'

One think to notice, I am running these commands from a route:

Route::get('/clear-fix', function() {
    $this->middleware('auth');
    $exitCode = Artisan::call('key:generate');
    $exitCode = $exitCode == 0 ? Artisan::call('config:clear') : $exitCode;
    $exitCode = $exitCode == 0 ? Artisan::call('config:cache') : $exitCode;
    return $exitCode;
});

Mine works using this:

1. composer update
2. php artisan key:generate
3. php artisan config:clear
4. php artisan config:cache

I think the cause of the problem is there is no proper key cached.
In my situation, I solved it by performing the following procedures:
If you have ignored the .env file, which you should, then just do the following things:

1. Make sure you have .env, create one by cp .env.example .env
2. Generate new key by php artisan key:generate
3. Clear cache and cache new key by php artisan config:cache

Hope it works for you.

Here is a simplistic explanation of how this Laravel/Heroku API key business works, according to my understanding and how I managed to get it working:

• When you create a new laravel application, an APP_KEY constant is created in .env
• Your Heroku deployment of the Laravel app must have the same key
• You can set/update the key that Heroku has via the Heroku dashboard, OR you can set it via the command line with 'heroku config:set APP_KEY=...'
• The form of the key is 'base64:' followed by 43 characters and an equals sign (I think this is right, anyway the important thing is that you include the whole thing - initially I mistakenly left off the 'base64:' part)

I found the official documentation to be unclear. You are told to use artisan to generate a key, but my understanding is that (1) you don't need to do this because a key will have been created (by Composer) during creation of the laravel application (2) if you do use artisan to generate a key you would need to manually insert this key into the laravel .env file as well as supplying it to Heroku since it will be different from the one you currently have in .env (perhaps in some environments the artisan generate command updates .env?)

The .env file is updated every time you run the command. The only time the key is automatically created for you is when you run "laravel new" to create an app. Anytime you clone a repo or begin a project another way, you'll need to run that command. Then, no matter what hosting service you use, you'll have to set the key on the server to match the key that was generated.

That makes sense, and that's how I would have expected it to work, but on my (Windows) local machine running the command doesn't update the .env file.

You need to have .env on your appication folder then run:

$ php artisan key:generate
If you don't have .env copy from .env.example:

$ cp .env.example .env

The method is correct as @shakirblouch ，thanks！
run

php artisan key:generate

then run

php artisan config:clear

my version
php 5.6.36
laravel 5.3.*
window 10

In my case
php artisan key:generate
php artisan config:clear

After that i killed the old server and run again
php artisan serve

Because you should restart server after any change in .env file.

Following commands worked for me
php artisan key:generate
php artisan config:clear

add value to APP_KEY of .env file , like this:
APP_KEY=base64:jdsdaKgJLr9CmxOBgVfJaTNWuBPkmTp24NtAe6rWDmY=

In my case, I'v tried everything above and didn't worked. My app was running fine until it crashed and I'v found that env file was not being readed.

I was running app with php artisan serve. I stop serve and run the commands, but no solution. I'v found that you need to keep php artisan serve running and run these commands:

php artisan config:clear
php artisan config:cache

Restart php artisan serve

Thank you jay_mizray .

i believe php artisan serve is only intended to be used for development.

not for production.

I back to this post again and again... Can be many factors, then...

On non testing environments (production or develop, for example) environments:

• [X] php artisan config:clear
• [X] Check on config/app.php you are reading env file (like 'key' => env('APP_KEY'),)
• [X] Check .env file you have vale APP_KEY
• [X] Check if APP_KEY has the correct length (examples below)

On testing environments, also:

• [X] php artisan config:clear --env=testing
• [X] Check, if you have, .env.testing file you have vale APP_KEY and lenght.
• [X] Check, if you have, <env name="APP_KEY" value="xxx/> on phpunit.xml
• [X] Key correct length:
  
  
  
  • AES-128-CBC base64:fOy5GTwFhkcBrcdtCtDZKQ== or Zk95NUdUd0Zoa2NCcmNkdEN0RFpLUT09
  
  
  • AES-256-CBC base64:90jl2DpeHHRKn+no8/4Rpsg/ZemQB0PaNgSEv4kkiqw=
  
  

If the problem persists, put this before error: dd(config('app.key'));, check if is your desired app_key. sometimes its a problem with cache, or a missing configuration.