Is symfony APP_SECRET supposed to be committed to the repository?

According to Symfony documentation, the .env file is meant to be committed into your repository.

The .env and .env. files should be committed to the repository because they are the same for all developers and machines. However, the env files ending in .local (.env.local and .env..local) should not be committed because only you will use them. In fact, the .gitignore file that comes with Symfony prevents them from being committed.

Doesn’t that expose APP_SECRET? Is this variable something that should be changed post deploy or removed from the .env file and put somewhere else?

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *