Laravel APP_KEY Generator

Generate a cryptographically secure APP_KEY for your Laravel application.

  1. Home
  2. > Web Dev > Laravel Tools >
  3. APP_KEY Generator

Configuration

Generated Keys

Configure your key and click Generate.

How to Use the APP_KEY Generator

  1. Select key type — AES-256 (32 bytes) is recommended for Laravel 10+. AES-128 (16 bytes) works for older versions.
  2. Toggle prefix — Keep base64: checked to generate a ready-to-use APP_KEY value you can paste directly into your .env file.
  3. Choose quantity — Generate 1, 3, 5, or 10 keys at once for team sharing or rotation.
  4. Copy or download — Click Copy All to copy all keys, or click the copy icon on individual keys.

Tip

After generating, paste the key into your .env file as APP_KEY=base64:xxxxxxxx. Then run php artisan config:clear to reload it.

Frequently Asked Questions

What is APP_KEY in Laravel?

APP_KEY is a secret string used by Laravel for encryption. It secures cookies, session data, encrypted values, and signed URLs. Every Laravel application must have a unique APP_KEY set in the .env file.

What happens if APP_KEY is missing?

Without a valid APP_KEY, Laravel's encryption features will throw a RuntimeException. Your application will not be able to encrypt/decrypt cookies, session data, or signed URLs.

Can I change APP_KEY after deployment?

Yes, but with caution. Changing APP_KEY will invalidate all encrypted data — including user sessions, encrypted cookies, and password reset tokens. Users will be logged out. Only change the key during maintenance or when explicitly rotating secrets.

What is the difference between AES-128 and AES-256?

AES-128 uses a 16-byte (128-bit) key and is the minimum requirement for Laravel. AES-256 uses a 32-byte (256-bit) key and provides a higher security margin. Laravel 10+ defaults to AES-256. Both are considered secure, but AES-256 is recommended.

Is this tool cryptographically secure?

Yes. This tool uses the Web Crypto API's crypto.getRandomValues() method, which is backed by the operating system's CSPRNG. The generated keys are indistinguishable from those produced by php artisan key:generate.

How is the key different from php artisan key:generate?

Both methods produce the same result — a random 32-byte value encoded as Base64 with the base64: prefix. This tool simply gives you a browser-based alternative that works without a Laravel installation.