Missing Encryption Keys¶
ExpressionEngine displays the error: You do not have value set for [encryption_key/session_crypt_key] in your config.php. This may leave your install open to security vulnerabilities. Restore the keys or see this troubleshooting article in the user guide for help.
Troubleshooting¶
This means you are missing the corresponding item from your system/user/config/config.php file. This shouldn’t occur, and generally means that someone modified your file or removed those values by accident. They will look like this:
$config['encryption_key'] = '26791dcd5c7cc9e569cc05b16b96235985cc9f03';
$config['session_crypt_key'] = 'd9e776dc9a5de0cd83e7c76a76756daa64ff4b8b';
Since some content in your database or generated by third-party add-ons may already be encrypted using these keys, it would be best to restore them from a backup. If you do not have a backup available, or it is also missing these keys, you should generate new keys. Do NOT use the random samples above, use the tools below to create a new random string.
Generating new encryption keys¶
Using openssl:
openssl rand 128 | openssl dgst -sha1
Using php from the command line:
php -r 'echo sha1(uniqid(random_int(-PHP_INT_MAX, PHP_INT_MAX), TRUE));echo "\n";'
For Windows systems, if you have not modified your environment, you will need to supply the path to php.exe:
C:\PHP7\php.exe -r 'echo sha1(uniqid(random_int(-PHP_INT_MAX, PHP_INT_MAX), TRUE));echo "\r";'