It contains the keys (but usually dummy values) for secrets like API keys or private tokens that are only needed for your local build.
: Do not put real API keys, database passwords, or private certificates into .env.dist.local . Use .env.local for real secrets. .env.dist.local
APP_ENV=dev APP_DEBUG=true APP_SECRET=ChangeMeForLocalDev It contains the keys (but usually dummy values)
By adhering to these principles, you can harness the full power of environment-based configuration, keeping your application flexible, your development team productive, and, most importantly, your secrets secure. keeping your application flexible
APP_ENV=production DATABASE_URL= THIRD_PARTY_API_KEY= DEBUG=false Use code with caution. .env.dist.local (Committed to Git)
# Local overrides template – copy to .env.local DATABASE_URL=mysql://app:devpass@127.0.0.1:3306/app_local TRUSTED_PROXES=127.0.0.1 DEV_TOOLS_ENABLED=1
Common pitfalls and how to avoid them