If you are upgrading from a 3.x version of Snipe-IT, your app key was generated using the (now deprecated) mcrypt library.

Snipe-IT 4.x defaults to using an OpenSSL cipher instead of mcrypt - which will cause no issues if you are installing for the first time, but if you're upgrading, you may get a cipher error.


You MUST make sure you've backed up your original APP_KEY.

The recrypter attempts to use mcrypt to decrypt any encrypted custom fields you have. If you do not run the recrypter and you change your APP_KEY, it will:
make any encrypted fields undecryptable
make your LDAP password undecryptable
void all browser sessions

If this happens, do the following:

  • Open your .env file and add a new field called LEGACY_APP_KEY= and add your v3.x Snipe-IT APP_KEY value there.
  • Also in your .env, add LEGACY_CIPHER=rijndael-256
  • run php artisan key:generate to generate a new, non-mcrypt APP_KEY
  • run php artisan config:clear to clear your config cache
  • run php artisan snipeit:legacy-recrypt to decrypt and re-encrypt any encrypted custom fields
  • clear your browser cookies

If you get a "Whoops" error when you try to login or refresh your Snipe-IT page, you probably forgot to clear your browser cookies. That error happens because we now use a more secure encryption cipher to encrypt your data (including sessions), and clearing your browser should fix that.