You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.5 KiB
1.5 KiB
Configuration Best Practices
env() Only in Config Files
Direct env() calls may return null when config is cached.
Incorrect:
$key = env('API_KEY');
Correct:
// config/services.php
'key' => env('API_KEY'),
// Application code
$key = config('services.key');
Use Encrypted Env or External Secrets
Never store production secrets in plain .env files in version control.
Incorrect:
# .env committed to repo or shared in Slack
STRIPE_SECRET=sk_live_abc123
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI
Correct:
php artisan env:encrypt --env=production --readable
php artisan env:decrypt --env=production
For cloud deployments, prefer the platform's native secret store (AWS Secrets Manager, Vault, etc.) and inject at runtime.
Use App::environment() for Environment Checks
Incorrect:
if (env('APP_ENV') === 'production') {
Correct:
if (app()->isProduction()) {
// or
if (App::environment('production')) {
Use Constants and Language Files
Use class constants instead of hardcoded magic strings for model states, types, and statuses.
// Incorrect
return $this->type === 'normal';
// Correct
return $this->type === self::TYPE_NORMAL;
If the application already uses language files for localization, use __() for user-facing strings too. Do not introduce language files purely for English-only apps — simple string literals are fine there.
// Only when lang files already exist in the project
return back()->with('message', __('app.article_added'));