To protect passwords and other important data, Magento uses an encryption key. An industry-standard Advanced Encryption Standard (AES-256) algorithm is used to encrypt all data that requires decryption. This includes credit card data and integration (payment and shipping module) passwords. Besides, this algorithm is used to hash all data that does not require decryption.
During the process of installation, you are allowed to either let Magento generate an encryption key itself, or you can create one of your own. The Encryption Key tool allows you to change the key as needed. The encryption key should be turned on to improve security, as well as at any time the original key might be compromised. Whenever the key is changed, all legacy data is re-encoded using the new key.
For technical information, see Install the Magento software in the developer documentation.
In this article, we will describe how to make a file writable and how to change the encryption key in Magento 2 admin panel.
Step 1: Make the File Writable
Make sure that the file in
[your store]/app/etc/env.php is writable to change the encryption key
Step 2: Change the Encryption Key
- On the Admin sidebar, tap System. Then under Other Settings, choose Manage Encryption Key.
- Do one of these steps: To generate a new key, set Auto-generate Key to “Yes.” To use a different key, set Auto-generate Key to “No.” Then in the New Key field, enter or paste the key that you want to use
- Tap Change Encryption Key.
- Save a record of the new key in a safe place. It will be required to decrypt the data if any problems occur with your files.Above is a tutorial on how to use the encryption key in Magento 2 admin panel. We hope that you can make your web store secure. See you in the next post.