Laravel Security in Depth [Tip#1] - Security Tip: Custom Encryption Key

.env

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:JZe9TqpS9jr9m8/0wN1I5SNpfw1uZsznq+eHoHdcRVQ=
APP_DEBUG=true
APP_URL=http://lsid.test

LOG_CHANNEL=stack
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=lsid
DB_USERNAME=root
DB_PASSWORD=
DB_ENCRYPTION_KEY=base64:JwjensMs4du0OBRDJIYaUThhCqmOt1ZkjXjZSsij3Gg=

# ...

AppServiceProvider.php

<?php
namespace App\Providers;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Encryption\Encrypter;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;

class AppServiceProvider extends ServiceProvider
{
    public function register()
    {
        //
    }

    public function boot()
    {
        Model::encryptUsing(new Encrypter($this->databaseEncryptionKey(), config('app.cipher')));
    }

    protected function databaseEncryptionKey(): ?string
    {
        return base64_decode(Str::after(config('database.encryption_key'), 'base64:'));
    }
}

database.php

<?php

use Illuminate\Support\Str;

return [

    /*
    |--------------------------------------------------------------------------
    | Default Database Connection Name
    |--------------------------------------------------------------------------
    |
    | Here you may specify which of the database connections below you wish
    | to use as your default connection for all database work. Of course
    | you may use many connections at once using the Database library.
    |
    */

    'default' => env('DB_CONNECTION', 'mysql'),

    /*
     * Encryption key to use for casting encrypted model attributes
     * Falls back to app key if not set, so the app doesn't break on install
     */
    'encryption_key' => env('DB_ENCRYPTION_KEY', env('APP_KEY')),

// ...