L
L
Larasoft's SOPs
Search…
Configuration
Environment Variables
You MUST put sensitive information into .env files
Use .env files to store any secure information and retrieve it via env function. There should be no instance on which you will put it inside models/controllers and commit it to Git.
Good
// .env
API_HOST=https://example.com/api
API_USERNAME=myuser
API_PASSWORD=secret
// access the value from app/config.php file
return [
...
'api_host' => env('API_HOST', 'https://defaultdomain.com')
'api_username' => env('API_USER', 'defaultuser')
'api_password' => env('API_USER', 'defaultpassword')
...
]
Bad
define('API_HOST', 'https://defaultdomain.com');
define('API_USERNAME', 'defaultuser');
define('API_PASSWORD', 'defaultpassword');
class DomainController extends Controller
{
public function index()
{
$api_username
}
your application key MUST be set. This is the APP_KEY variable in your .env file. You can generate one via
php artisan key:generate
Package Configuration
Custom or Package configuration filename MUST be in snake_case
Good
config/my_config.php
Bad
config/MyConfig.php
Config and language files indexes SHOULD be in snake_case
Good
// config/myconfig.php
return [
'my_api' => [
'domain' => env('API_DOMAIN'),
'secret' => env('API_SECRET'),
],
Bad
// config/myconfig.php
return [
'MyApi' => [
'DOMAIN' => env('API_DOMAIN'),
'SECRET' => env('API_SECRET'),
],
The best way to figure out if you have implemented best-practice in configuring your app, is if the codebase could be made open source at any moment without compromising any credentials
Last modified 9mo ago
Copy link