Your .env
file contains very sensitive information (your app key at the very least). You do not want this in version control where everybody can see this information and possibly use it to attack your site.
Think about database information which might be stored in there or email keys or passwords. Furthermore it is likely that the information which you use in your .env
file also needs to change between environments so you will need to change values anyways.
What should you instead do?
Make a file .env.example
in this file you place all the keys of your .env
.
ex.
APP_ENV=local
APP_DEBUG=true
APP_KEY=SomeRandomString
APP_URL=http://localhost
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=homestead
DB_USERNAME=homestead
DB_PASSWORD=secret
在这里,您可以看到一个文件,其中提供了想要使用您的代码的人的所有必要信息,但没有任何敏感信息.然后有人可以把这个.env.example
复制到.env
,然后改变数值.