2fauth's .env file: encryption and emails

Hello,

I would like to enable encryption in 2FAuth so my codes are protected at rest in the database, and enable 2FAuth to send emails to me so I can reset my password if I ever need to do this.
Both of these things require editing the .env file, which is located at
/var/www/2fauth/.env

I have a question about each:

  1. Is enabling encryption worth doing if the APP_KEY value is stored in plain text in the .env file? Presumably the .env file itself will not be encrypted, and removing it to a separate storage device will break 2FAuth?
  2. The default mail settings that are in the .env file do not send an email to me when I do the ‘Email configuration test’ in 2FAuth’s ‘Admin’ page (‘App setup’ tab). How do I modify them so I can receive emails? (The explanations of the various parameters in 2FAuth’s documentation only make partial sense to me.)
    The default settings post-installation are:
MAIL_DRIVER=smtp
MAIL_HOST=localhost
MAIL_PORT=587
MAIL_FROM=2fauth@auth.domain.tld
MAIL_USERNAME=2fauth
MAIL_PASSWORD= [a 24-digit string of what looks like hex numbers]
MAIL_ENCRYPTION=starttls
#MAIL_FROM_NAME=null
#MAIL_FROM_ADDRESS=null

Thank you :slight_smile:

Edit: when I try to edit these values and then try to use the ‘reset password’ feature, it returns an error message – irrespective of what I change them to:

Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`domain.tld' did not match expected

I am also interested in changing some settings in the app.
Did you try to set mail encryption to null?
Do you need to run

php artisan migrate:refresh
php artisan passport:install
php artisan storage:link
php artisan config:cache

after every change to the env file, or are changes taken into account immediately?
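
The certificate error quoted in the first post, reproduced offline as an added example (not part of the thread and not 2FAuth's own code): it compares `MAIL_HOST` from the posted settings with the names on the server certificate. It assumes the TLS client checks the certificate against the host name it connects to, and that the certificate carries only the CN shown in the error message; `parse_env`, `name_matches` and `check_mail_tls` are hypothetical helper names.

```python
# Constructed input: a subset of the mail settings quoted in the first post.
ENV_TEXT = """\
MAIL_HOST=localhost
MAIL_PORT=587
MAIL_ENCRYPTION=starttls
#MAIL_FROM_NAME=null
"""
# Assumption: the certificate carries only the CN from the error message.
CERT_NAMES = ["domain.tld"]


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def name_matches(host, pattern):
    """Case-insensitive match; '*' counts only as the whole leftmost label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return host == pattern


def check_mail_tls(settings, cert_names):
    """Return (ok, message) for the MAIL_HOST / certificate pairing."""
    host = settings.get("MAIL_HOST", "")
    enc = settings.get("MAIL_ENCRYPTION", "null").lower()
    if enc in ("", "null", "none"):
        # Assumption: an empty or null value means TLS is not requested.
        return False, f"{host}: MAIL_ENCRYPTION is off, TLS is not requested"
    if any(name_matches(host, name) for name in cert_names):
        return True, f"{host}: matches a certificate name"
    return False, f"{host}: not among certificate names {cert_names}"


if __name__ == "__main__":
    env = parse_env(ENV_TEXT)
    print(check_mail_tls(env, CERT_NAMES))   # localhost vs CN=domain.tld
    env["MAIL_HOST"] = "domain.tld"          # the name the certificate carries
    print(check_mail_tls(env, CERT_NAMES))
```

Against a live server, the names to put in `CERT_NAMES` can be read from the output of `openssl s_client -starttls smtp -connect HOST:587`.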