
How to Secure the .env File in Laravel

The .env file in Laravel contains your environment variables. These are variables that are specific to your application and environment, and they can include things like your database credentials, API keys, and more.

The .env file is typically stored in the root of your Laravel application, and it’s important to keep it confidential and secure. You can protect it by restricting access to the file itself, or by setting up environment variables to keep your sensitive information hidden.

3 ways to protect the .env file

Map domain to the public folder

Any web application needs a domain in order to be accessible. When you’re working with Laravel, you need to map the domain to the public folder, so that public is the directory the web server serves, in order to run the app properly. By doing this, you prevent anyone from viewing the files in the root folder over the web, which means that your .env file will be protected, as well as the rest of your application. This is an important step in ensuring the safety and security of your Laravel app.

Ignore the file in the source control

Whenever you are working with sensitive data, it is important to take steps to protect that data. One way to do this is to avoid committing sensitive files to your source control repository. If the repository is ever exposed in a data breach, the sensitive data will not be exposed with it.

Additionally, if you need to make changes to the file for different environments, you can avoid having to commit those changes by ignoring the file in source control. This will help to keep your source control repository clean and secure.
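
The check below is an added example, not code from the original article: a POSIX shell function (the name check_env_git and its messages are this example's own) that uses git to confirm .env is ignored, is not tracked, and never entered commit history. It goes slightly beyond the text, because an ignore rule does not untrack a file that was already committed.

```shell
#!/bin/sh
# Added example: audit a Laravel checkout for .env exposure through git.
# Usage: check_env_git /path/to/project   (the path is an assumption)
# Returns 0 when clean, 1 when a finding is printed, 2 when not a git repo.
check_env_git() {
    dir=${1:-.}
    rc=0
    # The checks only mean something inside a git work tree.
    if ! git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "ERROR: $dir is not a git work tree"
        return 2
    fi
    # 1. Does an ignore rule match .env? --no-index tests the rule itself,
    #    even if the file is already tracked.
    if ! git -C "$dir" check-ignore -q --no-index .env; then
        echo "FAIL: .env is not matched by any ignore rule"
        rc=1
    fi
    # 2. Is .env in the index? Ignore rules never untrack a file.
    if git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
        echo "FAIL: .env is tracked; run: git rm --cached .env"
        rc=1
    fi
    # 3. Did any commit on any ref ever touch .env?
    if [ -n "$(git -C "$dir" log --all --format=%h -- .env 2>/dev/null)" ]; then
        echo "FAIL: .env appears in commit history; rotate the secrets it held"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: .env is ignored, not in the index, never committed"
    return "$rc"
}
```

A failure on the third check means the values were once stored in the repository, so removing the file is not enough and the credentials it contained should be replaced.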

Block access

It’s important to make sure that this environment file is not accessible to anyone who shouldn’t have access to it. One way to do this is to add the following lines to your .htaccess file:

<FilesMatch "^\.env">
    # Apache 2.2 syntax; on Apache 2.4+ use "Require all denied" instead
    Order allow,deny
    Deny from all
</FilesMatch>

This will block access to the .env file from anyone who tries to request it directly. Because the pattern matches any file name that begins with .env, variants such as .env.example are blocked as well. This is a good security measure to take if you want to make sure that your .env file stays secure.
