@nickywan123 you should add it to the .env.example file, so anyone with the project can just copy the .env.example file to the .env file.
gitignore for .env?
I pushed my project to GitHub and the gitignore file will ignore certain folders like node_modules and .env due to sensitive data contained in it.
However, what if I have some configuration in the .env that is needed for the app to work as intended?
Say, I added my Algolia app ID (tied to my account) in it to be able to full text search my application. How do I go about this?
Like what Laravel does when you run composer install:
https://github.com/laravel/laravel/blob/8.x/composer.json#L56 https://github.com/laravel/laravel/blob/8.x/.env.example
In this case, the .env.example will not be omitted by git ignore?
@nickywan123 No.
By default, .env.example is not ignored unless you do so.
It will be a good idea to explain in your README file how your app should be configured to make it work.
In your Algolia config example, you can put a blank ALGOLIA_CONFIG in your .env.example and let the user know that they need to go to https://www.algolia.com/ and generate one for themselves.
Your .env file should not be committed to your application's source control, since each developer/server using your application could require a different environment configuration. Furthermore, this would be a security risk in the event an intruder gains access to your source control repository since any sensitive credentials would get exposed.
You can push the .env.example file, then give your client secrets to your teammates in any way without pushing your .env file to your version control, since it would be a high security risk.
In this case, the git ignore will not omit .env.example by default?
No, it will not. Your .env.example is not included in .gitignore, so you can push it, and after cloning your project you can create a .env file, copy the .env.example to your new .env file, then put in your secret keys.
By default, the .env.example is committed to source control.
I see. So I list the keys and leave the values empty in the .env.example file. In this case, if another person clones that project, he needs to create his own account to generate the app_id for his .env that I did not provide?
You can define a constant in your configuration file:
'algolia' => env('ALGOLIA_CONFIG', 'value'),
So in this case, if there is no .env file or ALGOLIA_CONFIG doesn't exist, it will take the second parameter, which is value.
Normally you would create the .env file in the production environment itself.
If I did not include the value for a key holding sensitive data (say app_key_third_party) in the .env.example, anybody who clones the app needs to generate the third party key by themselves?
@nickywan123 The .env should not be included in your source repository.
The point of an .env file is, you tend to have different values for keys on different services. So you might use a different API key for something locally than you do on a staging server, and yet another different one on your production server. If you just set one value in your .env file and push that everywhere, then (ignoring the security risk) every environment’s going to get the same key, which is not what you want.
That being said, .env files are a replacement for environment variables. You should be setting environment variables on your servers. The .env just “mimics” this for situations where it’s hard to replicate, i.e. serving your application using the php artisan serve command.
So, never commit your .env (it’s ignored for a reason), and set your configuration values once on each of your servers.
So let's say I have an api_key_third_party and the value is my own encrypted value and I put the key into .env.example like this:
## Required
api_key_party= ?????
and the other person cloning the project needs to generate his own API key?
You need to share the key, or the other person needs to generate their own, yes.
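As an added example that is not part of any post in this thread, the shell functions below check the split the replies describe: secret-looking keys in .env.example should have empty values, every key in .env should be listed in the template, and .env should be ignored by git. The function names, the key-name heuristic, the MAIL_PASSWORD key and all sample values are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: checks for the .env / .env.example split described in the thread.

# Secret-looking keys in a template ($1) that still carry a value.
# The name pattern is a heuristic chosen for this example.
filled_secret_keys() {
    awk -F= '
        /^[ \t]*(#|$)/ || !index($0, "=") { next }   # comments, blanks, non-assignments
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            if (toupper(key) ~ /KEY|SECRET|TOKEN|PASSWORD|ALGOLIA/ && val != "") print key
        }' "$1"
}

# Keys set in the real file ($1) that the template ($2) does not list.
undocumented_keys() {
    awk -F= '
        /^[ \t]*(#|$)/ || !index($0, "=") { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        !real { listed[key] = 1; next }
        !(key in listed) { print key }' "$2" real=1 "$1"
}

# True when git would refuse to track .env in repository directory $1.
env_is_ignored() { git -C "$1" check-ignore -q .env; }

# Constructed sample files; every value below is made up.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/.env.example" <<'EOF'
## Required
ALGOLIA_CONFIG=
APP_NAME=Laravel
API_KEY_THIRD_PARTY=constructed-value-left-in-template
EOF
cat > "$demo/.env" <<'EOF'
ALGOLIA_CONFIG=constructed-app-id
APP_NAME=Laravel
API_KEY_THIRD_PARTY=constructed-key
MAIL_PASSWORD=constructed-password
EOF

echo "values left in template: $(filled_secret_keys "$demo/.env.example")"
echo "missing from template:   $(undocumented_keys "$demo/.env" "$demo/.env.example")"
```

Run from a pre-commit hook, a non-empty result from filled_secret_keys or a failing env_is_ignored is a reason to stop the commit.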