
Why do people put the .env into gitignore?


Laravel's official site recommends that we put the .env into gitignore, and so do others.

Why? I feel it comes in quite handy for future usage once you forget how you set up the configurations.


Solution

  • Your .env file contains very sensitive information (your app key at the very least). You do not want this in version control where everybody can see this information and possibly use it to attack your site.
    Think about database information which might be stored in there, or email keys or passwords. Furthermore, it is likely that the information which you use in your .env file also needs to change between environments, so you will need to change values anyway.

    What should you do instead?
    Make a file .env.example; in this file you place all the keys of your .env.
    For example:

    APP_ENV=local
    APP_DEBUG=true
    APP_KEY=SomeRandomString
    APP_URL=http://localhost
    
    DB_CONNECTION=mysql
    DB_HOST=127.0.0.1
    DB_PORT=3306
    DB_DATABASE=homestead
    DB_USERNAME=homestead
    DB_PASSWORD=secret
    

    Here you can see a file in which all the necessary information for somebody that wants to use your code is available but none of the sensitive information. Then somebody can copy this .env.example to .env and change the values.
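
A way to check that a repository follows the layout described in the answer above, as an added example that is not part of the original answer: it reports when `.env` is missing from `.gitignore`, when `.env.example` lacks a key that `.env` uses, and when a sensitive key in `.env.example` still carries the real value. The function names, the sensitive-key pattern, the simplified `.gitignore` match and all sample values are assumptions constructed for this illustration.

```python
import re

# Assumption: key names containing these words are treated as sensitive.
SENSITIVE = re.compile(r"(KEY|PASSWORD|SECRET|TOKEN)", re.I)

def parse_env(text):
    """Return {KEY: value} from dotenv-style text, skipping blanks and comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs[key.strip()] = value.strip().strip("\"'")
    return pairs

def ignores_env(gitignore_text):
    """Simplified check: only a literal .env or /.env pattern line counts."""
    patterns = {line.strip() for line in gitignore_text.splitlines()}
    return bool(patterns & {".env", "/.env"})

def audit(env_text, example_text, gitignore_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    env, example = parse_env(env_text), parse_env(example_text)
    findings = []
    if not ignores_env(gitignore_text):
        findings.append(".env is not listed in .gitignore")
    for key in sorted(env.keys() - example.keys()):
        findings.append(f"{key} is used in .env but missing from .env.example")
    for key in sorted(example.keys() & env.keys()):
        # A template should hold placeholders, never the working secret.
        if SENSITIVE.search(key) and env[key] and env[key] == example[key]:
            findings.append(f"{key} in .env.example holds the real value")
    return findings

# Constructed sample data, not real credentials.
ENV = "APP_KEY=base64:constructed-sample\nDB_PASSWORD=constructed-pw\nMAIL_HOST=smtp.example.test\n"
EXAMPLE = "APP_KEY=SomeRandomString\nDB_PASSWORD=constructed-pw\n"
GITIGNORE = "/vendor\n/node_modules\n"

if __name__ == "__main__":
    for finding in audit(ENV, EXAMPLE, GITIGNORE):
        print("FINDING:", finding)
```

In a real checkout, read the three files from disk and pass their contents to `audit`; `git check-ignore .env` is the authoritative test of whether Git actually ignores the file.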