Encryption Key | Adobe Commerce 2.3 User Guide (Archived)

Encryption Key

This site contains archived merchant documentation for a version of Adobe Commerce and Magento Open Source that has reached end-of-support. The documentation available here is intended for historical reference only and is not maintained. The Adobe Commerce Merchant Documentation for current releases is published on the Adobe Experience League.

Magento uses an encryption key to protect passwords and other sensitive data. An industry-standard Advanced Encryption Standard (AES-256) algorithm is used to encrypt all data that requires decryption. This includes credit card data and integration (payment and shipping module) passwords. In addition, a strong Secure Hash Algorithm (SHA-256) is used to hash all data that does not require decryption.

During the initial installation, you are prompted to either let Magento generate an encryption key, or enter one of your own. The Encryption Key tool allows you to change the key as needed. The encryption key should be changed on a regular basis to improve security, as well as at any time the original key might be compromised. Whenever the key is changed, all legacy data is re-encoded using the new key.

For technical information, see Install the Magento software in the developer documentation.

System encryption key Encryption Key

Step 1: Make the File Writable

To change the encryption key, make sure that the following file is writable: [your store]/app/etc/env.php

Step 2: Change the Encryption Key

On the Admin sidebar, go to System > Other Settings > Manage Encryption Key.
Do one of the following:
- To generate a new key, set Auto-generate Key to Yes.
- To use a different key, set Auto-generate Key to No. Then in the New Key field, enter or paste the key that you want to use.
Click Change Encryption Key.
Keep a record of the new key in a secure location.

It will be required to decrypt the data, if any problems occur with your files.