Encryption key
CREATED FOR:
- Beginner
- Intermediate
- Admin
NOTEAdobe Commerce and Magento Open Source use an encryption key to protect passwords and other sensitive data. An industry-standard ChaCha20-Poly1305 algorithm is used with a 256-bit key to encrypt all data that requires encryption. This includes credit card data and integration (payment and shipping module) passwords. In addition, a strong Secure Hash Algorithm (SHA-256) is used to hash all data that does not require decryption.
During the initial installation, you are prompted to either let Commerce generate an encryption key, or enter one of your own. The encryption key tool allows you to change the key as needed. The encryption key should be changed regularly to improve security, and at any time the original key might be compromised.
For technical information, see Advanced on-premises installation in the Installation Guide.
IMPORTANT[your store]/app/etc/env.phpTo change an encryption key:
The following instructions require access to a terminal.
-
Enable maintenance mode.
bin/magento maintenance:enable -
Disable cron jobs.
Cloud infrastructure projects:
./vendor/bin/ece-tools cron:disableOn-premises projects
crontab -e -
On the Admin sidebar, go to System > Other Settings > Manage Encryption Key.
-
Do one of the following:
- To generate a new key, set Auto-generate Key to
Yes. - To use a different key, set Auto-generate Key to
No. Then in the New Key field, enter or paste the key that you want to use.
- To generate a new key, set Auto-generate Key to
-
Click Change Encryption Key.
NOTEKeep a record of the new key in a secure location. It is required to decrypt the data, if any problems occur with your files. -
Flush the cache.
Cloud infrastructure projects:
magento-cloud ccOn-premises projects:
bin/magento cache:flush -
Enable cron jobs.
Cloud infrastructure projects:
./vendor/bin/ece-tools cron:enableOn-premises projects:
crontab -e -
Disable maintenance mode.
bin/magento maintenance:disable