Where should environment-specific values be saved in a Laravel 5 application?

Question

I'm trying to wrap my head around the .env way of doing configuration in Laravel 5.

Here's my story: I'm converting an existing Laravel 4 application to Laravel 5. I currently have different environments (local and production) and the cascading configuration system works nicely. I have my environment-specific application config in separate folders under app/config.

My application is currently deployed (and developed) in a Docker container. To build for deployment, I use a Dockerfile to build my application image (based on my master branch), which is then pushed to a repository and pulled on the production server.

So now I'm trying to convert my configuration for Laravel 5 and I'm a little confused. Everything I read says you add your .env files to the .gitignore file so it's not included in your repository. I understand the security reasons for this - don't commit sensitive API keys/passwords/whatever to your repository. But I'm not sure how to ensure that my production .env file is included in my build step if it's not part of the repository.

The idea I had was to place my production .env file somewhere in my file system outside of my development environment, and then copy it when it's needed.

Is this the "best practice" for managing this? Is this how others do it?

Thanks!

Answer 1

.env file will contain the variables which you will apply using env('variable') in the config files. The best practice would be set any parameters that are environment independent (meaning that will work on both production and develop) right in the config files and set any environment dependent variables in the .env file

Example: on your dev and staging server you will send email using gmail smtp but on production server you will use your own smtp server. Simply set the email configuration as follows:

config file:

return [
    'driver' => 'smtp',
    'host' => env('MAIL_HOST'),
    'port' => env('MAIL_PORT'),
    'from' => ['address' => env('MAIL_FROM_EMAIL'), 'name' => env('MAIL_FROM_NAME')],
    'encryption' => 'tls',
    'username' => env('MAIL_USERNAME'),
    'password' => env('MAIL_PASSWORD'),
    'sendmail' => '/usr/sbin/sendmail -bs',
    'pretend' => false
];

.env on dev and staging

MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
[email protected]
[email protected]
[email protected]
MAIL_PASSWORD=password

.env on production

MAIL_HOST=smtp.domain.com
MAIL_PORT=587
[email protected]
[email protected]
[email protected]
MAIL_PASSWORD=password

never include the .env file on your git repo. Instead make a copy and name it ".env.sample" and add that. So your dev team can setup their own .env file once the repo is cloned. You will need to add .env to the .gitignore to prevent it from adding to the repo.