According to Symfony documentation, the .env file is meant to be committed into your repository.
The .env and .env. files should be committed to the repository because they are the same for all developers and machines. However, the env files ending in .local (.env.local and .env..local) should not be committed because only you will use them. In fact, the .gitignore file that comes with Symfony prevents them from being committed.
Doesn’t that expose APP_SECRET? Is this variable something that should be changed post deploy or removed from the .env file and put somewhere else?
Source: Symfony Questions
Was this helpful?
0 / 0