# Project Aegis Deployment

## APP_KEY and encrypted credentials

Project Aegis encrypts Atlas RCON credentials with Laravel application encryption. The production `APP_KEY` is therefore part of the credential-recovery boundary.

- Keep `APP_KEY` secret and server-side.
- Keep the same `APP_KEY` across normal deployments.
- Back it up in an approved secret-management system separate from the application database.
- Never commit it to Git or copy it into tickets, logs, screenshots, or documentation.
- Never run `php artisan key:generate` against an established environment without an approved credential-rotation and recovery plan.

Changing or losing `APP_KEY` makes existing encrypted RCON credentials unreadable. After deploying, confirm the application key is present before running migrations or enabling Atlas RCON operations.

