APP_KEY is set to default, but I get an error when running ninja:update-key

For the past month or so, I’ve been getting a notice every time I log into my self-hosted instance of Invoice Ninja.

Error: APP_KEY is set to a default value, to update it backup your database and then run php artisan ninja:update-key

So I SSH into the server, run the command, and I get the following error:

[RuntimeException]
  The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.

I believe this has something to do with the APP_CIPHER setting, which I have set to rijndael-128.

How do I correct this issue?

Try the following:

  • If there’s a value for APP_KEY in the .env file remove it
  • Change the value for APP_CIPHER to AES-256-CBC
  • Run: php artisan ninja:update-key

That gives me

  [RuntimeException]
  No supported encrypter found. The cipher and / or key length are invalid.

It may help to try with AES-128-CBC instead.

Alternatively, if you aren’t using token billing you could run php artisan key:generate. Note: this would require removing/re-adding any payment gateways and/or bank accounts.

Same issue with AES-128-CBC. WIll try key:generate next.

After running php artisan key:generate, I received a success message saying pplication key [base64:REDACTED] set successfully., but recieved this error upon login:

1/1
DecryptException in compiled.php line 13310:
The MAC is invalid.
in compiled.php line 13310
at BaseEncrypter->getJsonPayload(array('iv' => 'oDwP9Rcr2FQ48wb/FwACzQ==', 'value' => '8ieNNNrIsVra+3TJD4TuJBZ+Fmp9SAJjXrqMYDwB2OXOFH7EEzCCelQqtPpyuBI8YLcd3jIqnlX57C1bO7VVIw1jY8Pr0c+7VlNAGq2YSLdZ1+xQ0zeza8ijTZ7PKo2j6x6AVENUphM6emshLa4Mdw==', 'mac' => '8283d7cf673a947ff36df1cea5ba8d4708ceb7ae9e4cb9d1fac6b70e310a5e47')) in McryptEncrypter.php line 115
at McryptEncrypter->decrypt('eyJpdiI6Im9Ed1A5UmNyMkZRNDh3YlwvRndBQ3pRPT0iLCJ2YWx1ZSI6IjhpZU5OTnJJc1ZyYSszVEpENFR1SkJaK0ZtcDlTQUpqWHJxTVlEd0IyT1hPRkg3RUV6Q0NlbFFxdFBweXVCSThZTGNkM2pJcW5sWDU3QzFiTzdWVkl3MWpZOFByMGMrN1ZsTkFHcTJZU0xkWjEreFEwemV6YThpalRaN1BLbzJqNng2QVZFTlVwaE02ZW1zaExhNE1kdz09IiwibWFjIjoiODI4M2Q3Y2Y2NzNhOTQ3ZmYzNmRmMWNlYTViYThkNDcwOGNlYjdhZTllNGNiOWQxZmFjNmI3MGUzMTBhNWU0NyJ9') in compiled.php line 6397
at Facade::__callStatic('decrypt', array('eyJpdiI6Im9Ed1A5UmNyMkZRNDh3YlwvRndBQ3pRPT0iLCJ2YWx1ZSI6IjhpZU5OTnJJc1ZyYSszVEpENFR1SkJaK0ZtcDlTQUpqWHJxTVlEd0IyT1hPRkg3RUV6Q0NlbFFxdFBweXVCSThZTGNkM2pJcW5sWDU3QzFiTzdWVkl3MWpZOFByMGMrN1ZsTkFHcTJZU0xkWjEreFEwemV6YThpalRaN1BLbzJqNng2QVZFTlVwaE02ZW1zaExhNE1kdz09IiwibWFjIjoiODI4M2Q3Y2Y2NzNhOTQ3ZmYzNmRmMWNlYTViYThkNDcwOGNlYjdhZTllNGNiOWQxZmFjNmI3MGUzMTBhNWU0NyJ9')) in AccountGateway.php line 113
at AccountGateway->getConfig() in AccountGateway.php line 123
at AccountGateway->getConfigField('publishableKey') in AccountGateway.php line 135
at AccountGateway->getPublishableStripeKey() in HandleUserLoggedIn.php line 68
at HandleUserLoggedIn->handle(object(UserLoggedIn))
at call_user_func_array(array(object(HandleUserLoggedIn), 'handle'), array(object(UserLoggedIn))) in compiled.php line 10261
at Dispatcher->Illuminate\Events\{closure}(object(UserLoggedIn))
at call_user_func_array(object(Closure), array(object(UserLoggedIn))) in compiled.php line 10206
at Dispatcher->fire('App\Events\UserLoggedIn') in compiled.php line 6397
at Facade::__callStatic('fire', array(object(UserLoggedIn))) in AuthController.php line 156
at AuthController->postLoginWrapper(object(Request))
at call_user_func_array(array(object(AuthController), 'postLoginWrapper'), array(object(Request))) in compiled.php line 9496
at Controller->callAction('postLoginWrapper', array(object(Request))) in compiled.php line 9558
at ControllerDispatcher->call(object(AuthController), object(Route), 'postLoginWrapper') in compiled.php line 9538
at ControllerDispatcher->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in compiled.php line 10020
at Pipeline->then(object(Closure)) in compiled.php line 9539
at ControllerDispatcher->callWithinStack(object(AuthController), object(Route), object(Request), 'postLoginWrapper') in compiled.php line 9526
at ControllerDispatcher->dispatch(object(Route), object(Request), 'App\Http\Controllers\Auth\AuthController', 'postLoginWrapper') in compiled.php line 8596
at Route->runController(object(Request)) in compiled.php line 8583
at Route->run(object(Request)) in compiled.php line 8297
at Router->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in DatabaseLookup.php line 19
at DatabaseLookup->handle(object(Request), object(Closure), 'user')
at call_user_func_array(array(object(DatabaseLookup), 'handle'), array(object(Request), object(Closure), 'user')) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in compiled.php line 10020
at Pipeline->then(object(Closure)) in compiled.php line 8298
at Router->runRouteWithinStack(object(Route), object(Request)) in compiled.php line 8289
at Router->dispatchToRoute(object(Request)) in compiled.php line 8279
at Router->dispatch(object(Request)) in compiled.php line 2419
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in HandlePreflight.php line 38
at HandlePreflight->handle(object(Request), object(Closure))
at call_user_func_array(array(object(HandlePreflight), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in Debugbar.php line 51
at Debugbar->handle(object(Request), object(Closure))
at call_user_func_array(array(object(Debugbar), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in StartupCheck.php line 194
at StartupCheck->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartupCheck), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in QueryLogging.php line 32
at QueryLogging->handle(object(Request), object(Closure))
at call_user_func_array(array(object(QueryLogging), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in DuplicateSubmissionCheck.php line 41
at DuplicateSubmissionCheck->handle(object(Request), object(Closure))
at call_user_func_array(array(object(DuplicateSubmissionCheck), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in compiled.php line 3225
at VerifyCsrfToken->handle(object(Request), object(Closure)) in VerifyCsrfToken.php line 44
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in compiled.php line 13546
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in compiled.php line 12036
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in compiled.php line 13285
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in compiled.php line 13222
at EncryptCookies->handle(object(Request), object(Closure))
at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in compiled.php line 3286
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in compiled.php line 10035
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in compiled.php line 10020
at Pipeline->then(object(Closure)) in compiled.php line 2366
at Kernel->sendRequestThroughRouter(object(Request)) in compiled.php line 2350
at Kernel->handle(object(Request)) in index.php line 51

Rolling back for now…

One way to fix this would be to archive your payment gateway, update the key and then re-add the payment gateway.

Note: this would deactivate any credit cards/bank accounts on file. If you’re using Stripe you could re-import them.