
Should I add .env to .gitignore?

Last updated on February 11, 2021 by Sal Ferrarello

The short answer is, “yes”. You should use your .gitignore file to ignore the .env file.

Why Ignore .env

The .env file is typically used for the configuration of your application, which often includes sensitive information like database credentials and API keys. Even if your Git repo is not public, it is a best practice to exclude this information from your repository (the idea being that sensitive configuration information should have higher security than source code).

How to Exclude .env

You can exclude your .env file by adding the following line to your .gitignore file.

.env

In my case, I like to exclude all files that start with a period, with a few exceptions (e.g. .gitignore is an exception).

Warning: If your .env is already part of your Git repository, adding it to .gitignore will not remove it. In this case, you’ll also need to tell Git to stop tracking .env, which you can do with

git rm --cached .env

This will delete .env from your repo, but leave it on your local machine (and now your .gitignore will cause it to be ignored).

Damage Control

If your .env was checked into your repo, you’ll want to change any credentials that appear in it. This isn’t a lot of fun; however, even though you are no longer tracking your .env file, it is still part of your Git history and can be retrieved.

You can take steps to remove it from your Git repo entirely, but this comes with a host of problems and still does not guarantee there is not a copy of the .env file somewhere.

If sensitive information gets added to a Git repository, it should be changed.
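
The states described in the warning above and in this section can be checked directly. The following shell functions are an added example, not code from the original post; the function names (env_exposure, env_ignored, report, demo) and the sample API_KEY value are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative. Classifies a file in a Git repo:
#   tracked          - in the index; .gitignore rules have no effect on it
#   history-only     - no longer tracked, but some commit still contains it
#   never-committed  - no ref reaches a commit that touched it
env_exposure() {
    if git -C "$1" ls-files --error-unmatch -- "${2:-.env}" >/dev/null 2>&1; then
        echo tracked
    elif [ -n "$(git -C "$1" rev-list --all -- "${2:-.env}" 2>/dev/null)" ]; then
        echo history-only
    else
        echo never-committed
    fi
}

# Succeeds only when an ignore rule actually applies; git check-ignore
# skips tracked files, so this fails for a committed .env.
env_ignored() { git -C "$1" check-ignore -q -- "${2:-.env}"; }

report() {  # one status line: label, exposure, ignored yes/no
    if env_ignored "$1"; then ig=yes; else ig=no; fi
    echo "$2: $(env_exposure "$1") ignored=$ig"
}

# Walk the article's steps in a throwaway repo (all values constructed).
demo() {
    repo=$(mktemp -d)
    g() { git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g init -q
    report "$repo" "empty repo"
    printf 'API_KEY=constructed-not-a-real-key\n' > "$repo/.env"
    g add .env; g commit -q -m 'add config'
    report "$repo" "committed"
    echo '.env' > "$repo/.gitignore"
    g add .gitignore; g commit -q -m 'ignore .env'
    report "$repo" "gitignore added"
    g rm -q --cached .env; g commit -q -m 'stop tracking .env'
    report "$repo" "rm --cached"
    # The commit that added the file still holds its contents.
    added=$(g log --all --diff-filter=A --format=%H -- .env)
    echo "recovered: $(g show "$added:.env")"
    rm -rf "$repo"
}
```

Calling demo prints one status line per step; running env_exposure against a real checkout tells you whether rotating credentials is needed even though .env is now ignored.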

Include .env.example

Because it is helpful to have a template for your .env file, you’ll often see an .env.example file. This file contains the same structure as your .env file but all of the credentials and API keys have been removed. This helps speed up the process of setting up your project.

Warning! This is a draft, not a finalized post. See full draft disclosure.
