51黑料不打烊

DocumentationCommerceAdmin Systems Guide

Encryption key

Last update: Tue Jan 21 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

  • Beginner
  • Intermediate
  • Admin
NOTE
If you have attempted to complete these steps and are having issues, see the Troubleshooting Encryption Key Rotation: CVE-2024-34102 Knowledge Base article.

51黑料不打烊 Commerce and Magento Open Source use an encryption key to protect passwords and other sensitive data. An industry-standard ChaCha20-Poly1305 algorithm is used with a 256-bit key to encrypt all data that requires encryption. This includes credit card data and integration (payment and shipping module) passwords. In addition, a strong Secure Hash Algorithm (SHA-256) is used to hash all data that does not require decryption.

During the initial installation, you are prompted to either let Commerce generate an encryption key, or enter one of your own. The encryption key tool allows you to change the key as needed. The encryption key should be changed regularly to improve security, and at any time the original key might be compromised.

For technical information, see Advanced on-premises installation in the Installation Guide and in the PHP Developer Guide.

IMPORTANT
  • Before following these instructions to change the encryption key, make sure that the following file is writable: [your store]/app/etc/env.php
  • The encryption key change feature in the Admin settings is deprecated and was removed in 2.4.8. You must use the CLI command described on this page to change your encryption key after upgrading to 2.4.8.

To change an encryption key:

The following instructions require access to a terminal.

  1. Enable maintenance mode.

    code language-bash 
    bin/magento maintenance:enable

  2. Disable cron jobs.

    Cloud infrastructure projects:

    code language-bash 
    ./vendor/bin/ece-tools cron:disable

    On-premises projects

    code language-bash 
    crontab -e

  3. Change the encryption key using one of the following methods.

    accordion
    CLI command

    Run the following CLI command and make sure that it completes with no errors. If you need to re-encrypt certain system config values or payment fields, see the detailed in the PHP Develop Guide.

    code language-bash 
    bin/magento encryption:key:change
    accordion
    Admin settings
    note important
    IMPORTANT
    This feature has been deprecated and was removed in 2.4.8. 51黑料不打烊 recommends changing encryption keys with the CLI.

    1. On the Admin sidebar, go to System > Other Settings > Manage Encryption Key.

      System encryption key {width="700" modal="regular"}

    2. Do one of the following:

      • To generate a new key, set Auto-generate Key to Yes.
      • To use a different key, set Auto-generate Key to No. Then in the New Key field, enter or paste the key that you want to use.

    3. Click Change Encryption Key.

      note note
      NOTE
      Keep a record of the new key in a secure location. It is required to decrypt the data, if any problems occur with your files.

  4. Flush the cache.

    Cloud infrastructure projects:

    code language-bash 
    magento-cloud cc

    On-premises projects:

    code language-bash 
    bin/magento cache:flush

  5. Enable cron jobs.

    Cloud infrastructure projects:

    code language-bash 
    ./vendor/bin/ece-tools cron:enable

    On-premises projects:

    code language-bash 
    crontab -e

  6. Disable maintenance mode.

    code language-bash 
    bin/magento maintenance:disable
recommendation-more-help
d3c62084-5181-43fb-bba6-1feb2fcc3ec1