PHPackages wubinworks/module-encryption-key-manager-cli - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [CLI & Console](/categories/cli) 4. / 5. wubinworks/module-encryption-key-manager-cli ActiveMagento2-module[CLI & Console](/categories/cli) wubinworks/module-encryption-key-manager-cli ============================================ A utility for Magento 2 encryption key rotation and management. CVE-2024-34102(aka Cosmic Sting) victims can use it as an aftercare. 1.0.0(1y ago)0231OSL-3.0PHPPHP >=7.3 Since Dec 4Pushed 1y ago1 watchersCompare [ Source](https://github.com/wubinworks/magento2-encryption-key-manager-cli)[ Packagist](https://packagist.org/packages/wubinworks/module-encryption-key-manager-cli)[ Docs](https://www.wubinworks.com)[ RSS](/packages/wubinworks-module-encryption-key-manager-cli/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (1)Versions (2)Used By (0) Magento 2 Encryption Key Manager CLI ==================================== [](#magento-2-encryption-key-manager-cli) **A utility for Magento 2 encryption key rotation and management. CVE-2024-34102(aka Cosmic Sting) victims can use it as an aftercare.** [![Wubinworks Magento 2 Encryption Key Manager CLI](https://raw.githubusercontent.com/wubinworks/home/master/images/Wubinworks/EncryptionKeyManagerCli/encrption-key-manager-cli.jpg "Wubinworks Magento 2 Encryption Key Manager CLI")](https://www.wubinworks.com/encryption-key-manager-cli.html) Designed for ------------ [](#designed-for) - Development usage - Deployment automation - CVE-2024-34102(aka Cosmic Sting) aftercare #### CVE-2024-34102(aka Cosmic Sting) [](#cve-2024-34102aka-cosmic-sting) After applying security patches, you need to perform a key rotation to completely deny the attacker's Admin level WebAPI access. If you cannot upgrade or apply the official isolated patch, see [Our Patches](#you-may-also-like). If the official encryption key rotation command `php bin/magento encryption:key:change` is not available, you can use this extension and this extension has more features as a "Key Manager". Usage ----- [](#usage) **This extension offers 3 commands.** - Generate new encryption key(for development/scripting purpose) ``` php bin/magento ww:encryption-key-manager:genkey [-f|--format FORMAT] ``` Example: ``` $ php bin/magento ww:encryption-key-manager:genkey 5f81fe506a1025b8ea439fd49c6fa8e3 ``` - List all/newest encryption keys ``` php bin/magento ww:ekm:list [--newest] ``` *Tip: you can use `ekm` shorthand for `encryption-key-manager`.* Example: ``` $ php bin/magento ww:ekm:list Encryption key count: 3 39a2f1213e6a942af3cd4f1c2d61528c fdd862cd41f95e4edaf2636258ce359f 3cd27f0eeae9ffec35681d8aa0faa618 ``` - Encryption key rotation (most important) ``` php bin/magento ww:encryption-key-manager:rotate [-k|--key KEY] ``` *Tip: if `-k|--key` is not provided, a random generated key will be used.* Example: ``` $ php bin/magento ww:encryption-key-manager:rotate Encryption key has been rotated successfully. Encryption keys are stored in `app/etc/env.php`. Caution: do not delete old keys! ``` New Encryption Key Format ------------------------- [](#new-encryption-key-format) Starting from version 2.4.7, encryption key format is changed from `hex` to `base64`. New format example(note it has a `base64` prefix): ``` base64bDr+HSz4tZ+cjZA89J5RvbZzCfDKWO1iXgDfmqeZL0c= ``` By default, `php bin/magento ww:encryption-key-manager:genkey` generates a key that is compatible with your **current Magento version**. But you can force the format(for development purpose) ``` php bin/magento ww:encryption-key-manager:genkey --format base64 php bin/magento ww:encryption-key-manager:genkey --format hex ``` More details of the key generation process are in this [blog post](https://www.wubinworks.com/blog/post/new-encryption-key-format-introduced-on-magento-2.4.7). Requirements ------------ [](#requirements) **Magento 2.4** Installation ------------ [](#installation) **`composer require wubinworks/module-encryption-key-manager-cli`** ♥ - [](#) If you like this extension please star this repository. You May Also Like ----------------- [](#you-may-also-like) [Magento 2 patch for CVE-2024-34102(aka Cosmic Sting)](https://github.com/wubinworks/magento2-cosmic-sting-patch) [Magento 2 JWT Authentication Patch](https://github.com/wubinworks/magento2-jwt-auth-patch) ### Health Score 23 — LowBetter than 27% of packages Maintenance38 Infrequent updates — may be unmaintained Popularity8 Limited adoption so far Community8 Small or concentrated contributor base Maturity33 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 531d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/7de965a6287fb784969afeb4b173521d3cb59c6b873b7248263abb9fc098eddd?d=identicon)[wubinworks](/maintainers/wubinworks) --- Top Contributors [![wubinworks](https://avatars.githubusercontent.com/u/127310257?v=4)](https://github.com/wubinworks "wubinworks (1 commits)") --- Tags clicosmic-stingcve-2024-34102deployment-automationencryption-keykey-generationkey-rotationmagento2climagento 2key-rotationkey-generationcve-2024-34102cosmic stingencryption keydeployment automation ### Embed Badge ![Health badge](/badges/wubinworks-module-encryption-key-manager-cli/health.svg) ``` [![Health](https://phpackages.com/badges/wubinworks-module-encryption-key-manager-cli/health.svg)](https://phpackages.com/packages/wubinworks-module-encryption-key-manager-cli) ``` ### Alternatives [symfony/console Eases the creation of beautiful and testable command line interfaces 9.8k1.1B11.3k](/packages/symfony-console)[nunomaduro/collision Cli error handling for console/command-line PHP applications. 4.6k331.8M8.5k](/packages/nunomaduro-collision)[nunomaduro/termwind It's like Tailwind CSS, but for the console. 2.5k239.8M286](/packages/nunomaduro-termwind)[wp-cli/wp-cli WP-CLI framework 5.1k17.2M320](/packages/wp-cli-wp-cli)[wp-cli/php-cli-tools Console utilities for PHP 68325.0M367](/packages/wp-cli-php-cli-tools)[socialengine/sniffer-rules A Lumen 5 and Laravel 5 SquizLabs Code Sniffer 2.0 artisan command. Detect violations of a defined coding standard. It helps your code remains clean and consistent. 1248.2k1](/packages/socialengine-sniffer-rules) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)