APP_KEY encryption key issue, intermittent GET error 500


The Angular2 sample app intermittently fails to retrieve all “Contacts” for the selected “Group”, but some rows remain empty. It is different every time you click, sometimes it happens that all rows are fetched. API call example: local.INFO: [REQUEST] {"API Version":"2.0","Method":"GET","Service":"db","Resource":"_table/contact/99"}
For all empty rows the [installdir]\ apps\dreamfactory\htdocs\storage\logs\dreamfactory.log says:

production.ERROR: exception 'RuntimeException' with message 'No supported encrypter found. The cipher and / or key length are invalid.' in ... Illuminate\Encryption\EncryptionServiceProvider->getEncrypterForKeyAndCipher('SomeRandomStrin...', 'AES-256-CBC')

Actually it is a laravel bug:, and the solution which works for me is to alter this line in the [installdir]\apps\dreamfactory\htdocs\config\app.php in line 78
'key' => env('APP_KEY', 'SomeRandomString'),
'key' => env('APP_KEY', 'SomeRandomString1234567890123456'),

After editing this, execute: php artisan config:clear, php artisan cache:clear, and php:artisan key:generate and then restart the DF stack.

The bug is there in version dreamfactory-2.2.0-0.


Now I fixed that, but I get “MAC is invalid.” in DF admin application. It seems like this: “MAC is invalid” 500 Error when upgrading from 2.01 to 2.1

So, the question is how to fix the initial issue, and not spoil the latter.


Simply put:
A bug requires change of APP_KEY, but changing APP_KEY causes issues in the admin app.

Any ideas?


No ideas yet?
If not, this means that in this version we need to choose if we prefer the admin app to work okay, or the example apps (and possibly others that we create).


I don’t have any experience with the laravel bug you referenced, however if you wish to change your app key, you will get MAC is invalid errors because items that are stored in the system database with two way encryption use the app key for that encryption.

You can resolve the MAC is invalid error by deleting any service configurations that have stored credentials from the database, as well as any private lookups. (These are the only items in the DB affected by the app key change.)

For example, sql service configs are stored in the table sql_db_config
Go in and set the username and password fields for these to NULL.
After you change the app key, you can resave the credentials.