Determine if APP_KEY is defined in the environment.
If so, we're done. But if missing, the setup script should create:
APP_KEY=SomeRandomString
Then, it should run php artisan key:generate to replace it by a custom key.
Some background information is given at rDNOTIFbacf9390fa39 audit.
| rDNOTIF Notifications center Docker image | |||
| D258 | rDNOTIF73d49d978c97 Ensure APP_KEY is defined | ||
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | dereckson | T690 Ensure APP_KEY is properly defined | |||
| Resolved | dereckson | T691 Revert APP_KEY to a dummy non 32 character value |
SomeRandomString actually won't work.
if (file_exists($path)) { file_put_contents($path, str_replace( 'APP_KEY='.$this->laravel['config']['app.key'], 'APP_KEY='.$key, file_get_contents($path) )); }
Actually, the application itself creates a security risk with a default valid key. That will be SomeRandomString.