What changes were made to handle APP_KEY rotation in Laravel 11

Key Features of APP_KEY Rotation in Laravel 11

1. APP_PREVIOUS_KEYS Environment Variable:
Laravel 11 introduces the `APP_PREVIOUS_KEYS` environment variable, which can store a comma-delimited list of previous encryption keys. This allows the application to attempt decryption using these keys if the current key fails.

2. Graceful Decryption Process:
When a value is decrypted, Laravel first tries the current `APP_KEY`. If decryption fails (for instance, if the data was encrypted with an older key), Laravel will automatically try the keys listed in `APP_PREVIOUS_KEYS` until it finds a key that successfully decrypts the data. This ensures that users do not experience interruptions when keys are rotated[1][3][4].

3. Automatic Re-encryption:
When the application successfully decrypts data using a previous key, it can then re-encrypt that data with the new key. This process is seamless and occurs automatically as users interact with the application, allowing for a smooth transition without data loss or user disruption[1][3].

4. Session Retention:
This new mechanism ensures that existing users remain logged in even after the `APP_KEY` is rotated. By maintaining access to previous keys, Laravel allows ongoing sessions to continue functioning normally, which is crucial for user experience[3][4].

This enhancement makes key management more secure and user-friendly, allowing developers to rotate encryption keys without the risk of breaking existing functionality.