// The key comes from; $key = $this->app['config']['app.key'];

1.  
2. // The key comes from;
3.  
4.         $key = $this->app['config']['app.key'];
5.  
6.         if (Str::startsWith($key, 'base64:')) {
7.             $key = base64_decode(substr($key, 7));
8.         }
9.  
10. // Then with your first code, using key
11.  
12. $reset_token = hash_hmac('sha256', Str::random(40), $key);
13.  
14. // then stored, but hashed again
15.  
16.     DB::table('password_resets')->insert([
17.        'email' => $request->email,
18.         'token' => Hash::make($reset_token),
19.         'created_at' => Carbon::now(),
20.     ]);