If you are upgrading from a 3.x version of Snipe-IT, your app key was generated using the (now deprecated) mcrypt library.
Snipe-IT 4.x defaults to using an OpenSSL cipher instead of mcrypt - which will cause no issues if you are installing for the first time, but if you're upgrading, you may get a cipher error.
You MUST make sure you've backed up your original APP_KEY.
The recrypter attempts to use mcrypt to decrypt any encrypted custom fields you have. If you do not run the recrypter and you change your APP_KEY, it will:
make any encrypted fields undecryptable
make your LDAP password undecryptable
void all browser sessions
If this happens, do the following:
- Open your .env file and add a new field called
LEGACY_APP_KEY=and add your v3.x Snipe-IT
- Also in your .env, add
php artisan key:generateto generate a new, non-mcrypt
php artisan config:clearto clear your config cache
php artisan snipeit:legacy-recryptto decrypt and re-encrypt any encrypted custom fields
- clear your browser cookies
If you get a "Whoops" error when you try to login or refresh your Snipe-IT page, you probably forgot to clear your browser cookies. That error happens because we now use a more secure encryption cipher to encrypt your data (including sessions), and clearing your browser should fix that.
Updated about a year ago