# Environment

### **Local Environment**

There are multiple ways to run Laravel in local environment as outlined below:

* [**Homestead**](https://laravel.com/docs/5.8/homestead) - requires VirtualBox, Vagrant
* [**Valet**](https://laravel.com/docs/5.8/valet) - only runs in MacOS
* [**Laradock**](https://laradock.io/) - requires Docker Engine

You are free to choose which local environment that works for you and your team as long as the following conditions are met:

* Your local environment **MUST** be able to duplicate the production server or close to its specifications such as PHP version, extensions installed and MySQL version
* .env file **MUST NOT** be commited into repository
* You **SHOULD NOT** be connecting to your any production server when you are debugging locally, to prevent accidental corruption of data, unintended API call or similar incident.
* You **SHOULD NOT** be using personally identiable information (PII) of your end-users data or any data that could potentially identify a specific individual such as first/last name, address, medical condition so on and so forth, unless you are explicitly authorized by your company or client to do so.
* You **MUST** update the readme.md file for any special instruction on how to run the app in local environment, so that other developers who will setup the app in their local machine can follow them properly.
* While it is possible to WAMP or XAMP for Laravel, this is un-common practice so you **SHOULD** try to familiarize yourself on how server components works and be comfortable in dealing with them.

### **Staging Environment**

Staging servers is a type of server that is used to test a software, website or service in a production-similar environment before being set live. It is the role of a staging environment or staging site, to serve as a temporary hosting and testing server for any new software or feature.

* It is **RECOMMENDED** to use [**Continous**](https://www.thoughtworks.com/continuous-integration%22%20/t%20%22_blank) [**Integration**](https://www.thoughtworks.com/continuous-integration%22%20/t%20%22_blank) to automatically run your Tests and keep a record of the results. For example [Travis CI](https://travis-ci.org/) or [Jenkins](https://jenkins.io/)

### **Production Environment**

**You MUST regularly rotate your APP\_KEY**

APP\_KEYS are set when you initialized a new Laravel application or executed the following command

php artisan key:generate

*Laravel uses the key for all encrypted cookies, including the session cookie, before handing them off to the user’s browser, and it uses it to decrypt cookies read from the browser. This prevents the client from making changes to their cookies and granting themselves admin privileges or impersonating another user in your application. Encrypted cookies are an important security feature in Laravel*

From [APP\_KEY And You](https://tighten.co/blog/app-key-and-you)