Magento 2 Rotate Encryption Key

The encryption key in Magento is used to encrypt sensitive data such as API credentials and, most importantly, the Admin WebAPI token is issued with this key. The key needs to be rotated if it is leaked. In this blog post we discuss a GUI way and command-line ways to do that. We have also prepared a tool for deployment automation.
GUI Way
As described in the image above, log in to the Admin Panel and go to System > Other Settings > Manage Encryption Key. Switch Auto-generate a Key to Yes and then click the Change Encryption Key button. It is extremely straightforward.
If you are interested in the key format or want to supply a key yourself, read this blog post; you should then be able to generate the key manually.
Command Line Way
There is an official command, but it is only available on newer Magento versions.
php bin/magento encryption:key:change [-k|--key KEY]
If you don't have this command, install our tool.
php bin/magento ww:encryption-key-manager:rotate [-k|--key KEY]
This command provides equivalent functionality.
However
There is a bug (vulnerability) that renders the authentication process ineffective in the following Magento versions:
2.4.4 ~ 2.4.4-p9
2.4.5 ~ 2.4.5-p8
2.4.6 ~ 2.4.6-p6
2.4.7 ~ 2.4.7-p1
The solution is to upgrade Magento to the newest version or to use our patch.
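
To decide whether an installation needs the upgrade or patch, the following added example (not part of the original post or of the tool) checks a version string against the four ranges listed above. The function names are hypothetical, and the version format `2.4.X` or `2.4.X-pN` is assumed.

```sh
#!/bin/sh
# Added example: check a Magento version string against the affected ranges
# listed in the post. Function names are hypothetical; the ranges are copied
# from the post. Assumed input format: "2.4.6" or "2.4.6-p3".

# Print the highest affected patch level for a release line, or fail if the
# release line is not one of those the post lists.
max_affected_patch() {
    case "$1" in
        2.4.4) echo 9 ;;   # 2.4.4 ~ 2.4.4-p9
        2.4.5) echo 8 ;;   # 2.4.5 ~ 2.4.5-p8
        2.4.6) echo 6 ;;   # 2.4.6 ~ 2.4.6-p6
        2.4.7) echo 1 ;;   # 2.4.7 ~ 2.4.7-p1
        *) return 1 ;;
    esac
}

# Exit status: 0 = inside a listed range, 1 = not inside a listed range,
# 2 = version string not understood (treat as "check manually").
is_affected() {
    # POSIX sh has no "local"; the underscore-prefixed names are scratch variables.
    _ver=$1
    case "$_ver" in
        *-p*) _base=${_ver%%-p*}; _patch=${_ver#*-p} ;;
        *)    _base=$_ver; _patch=0 ;;   # no suffix means patch level 0
    esac
    # Reject anything that is not digits and dots (e.g. beta tags).
    case "$_base" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    case "$_patch" in
        ''|*[!0-9]*) return 2 ;;
    esac
    _max=$(max_affected_patch "$_base") || return 1
    [ "$_patch" -le "$_max" ]
}

# Stand-alone use: ./check.sh 2.4.6-p3
if [ "$#" -gt 0 ]; then
    if is_affected "$1"; then
        echo "$1: inside an affected range; upgrade or patch"
    else
        echo "$1: not inside the listed ranges, or not parseable"
    fi
fi
```

A status of 1 only means the version is outside the ranges this post lists.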