Your .envfile contains verysensitive information (your app key at the very least). You do notwant this in version control where everybody can see this information and possibly use it to attack your site.
Think about database information which might be stored in there or email keys or passwords. Furthermore it is likely that the information which you use in your .envfile also needs to change between environments so you will need to change values anyways.

您的.env文件包含非常敏感的信息（至少是您的应用程序密钥）。您不希望在版本控制中使用此信息，每个人都可以看到此信息并可能使用它来攻击您的站点。
想想可能存储在那里的数据库信息或电子邮件密钥或密码。此外，您在.env文件中使用的信息也可能需要在不同环境之间更改，因此您无论如何都需要更改值。

What should you instead do?
Make a file .env.examplein this file you place all the keys of your .env.
ex.

你应该怎么做？在此文件中创建
一个文件.env.example，您将.env.
前任。

APP_ENV=local
APP_DEBUG=true
APP_KEY=SomeRandomString
APP_URL=http://localhost

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=homestead
DB_USERNAME=homestead
DB_PASSWORD=secret

Here you can see a file in which all the necessary information for somebody that wants to use your code is available but none of the sensitive information. Then somebody can copy this .env.exampleto .envand change the values.

在这里，您可以看到一个文件，其中包含想要使用您的代码的人的所有必要信息，但没有任何敏感信息。然后有人可以将其复制.env.example到.env并更改值。

The answers here and many articles all said .env includes sensitive information so it should not be put in source control. But the thing is .env does not just include sensitive information, it may also contain typical setting configuration. You can just leave sensitive information out and keep all the other settings in git.

这里的答案和许多文章都说 .env 包含敏感信息，因此不应将其置于源代码控制中。但问题是 .env 不仅包含敏感信息，它还可能包含典型的设置配置。您可以只留下敏感信息，而将所有其他设置保留在 git 中。

Some suggests put .env.example in git, I actually followed that for a while but found it quite “inconvenient”, especially for the guys who newly joined the team. When they check out the codes, they find codes can not run, then they just copy .env from other old guys (notfrom .env.example and make the necessary changes.) b/c for dev environment even the sensitive information like API key/DB password are shared.

有人建议将 .env.example 放在 git 中，我实际上遵循了一段时间，但发现它非常“不方便”，尤其是对于新加入团队的人。当他们检查代码时，他们发现代码无法运行，然后他们只是从其他老家伙那里复制 .env（而不是从 .env.example 并进行必要的更改。） b/c 用于开发环境甚至 API 等敏感信息密钥/数据库密码是共享的。

Quite often the whole dev team will have one API key and one DB setting. I see this happened from time to time, which just makes me doubt the use of .env.example.

很多时候，整个开发团队都会有一个 API 密钥和一个数据库设置。我看到这种情况不时发生，这让我怀疑 .env.example 的使用。

So now I use the practice of putting .env in git and put sensitive information in .env.local which is gitignored.

所以现在我采用将 .env 放在 git 中的做法，并将敏感信息放在 .env.local 中，这是 gitignored。

Ruby dotenv gem suggested this https://github.com/bkeepers/dotenv#what-other-env-files-can-i-use
Symfony 4 has also changed to this behavior
When I do nodejs project I also use a npm package called dotenv-flowto do that.

Ruby dotenv gem 建议这个https://github.com/bkeepers/dotenv#what-other-env-files-can-i-use
Symfony 4 也改变了这种行为
当我做 nodejs 项目时，我还使用了一个名为的 npm 包dotenv-flow来做到这一点。

The .envfile contains passwords and API keys that should not go into source control for security reasons. Plus they will likely change between environments (you should use different API keys for testing vs production)

该.env文件包含出于安全原因不应进入源代码管理的密码和 API 密钥。此外，它们可能会在不同环境之间发生变化（您应该使用不同的 API 密钥进行测试和生产）

What you can do is keep .env.example.phpin git and keep it updated with the variables that need to be configured, but leave the value blank. Then on new install just do copy .env.example.phpto .envand update the values for that environment.

您可以做的是保留.env.example.php在 git 中并使用需要配置的变量对其进行更新，但将该值留空。然后在新的安装只是做拷贝.env.example.php，以.env和为环境更新值。

The List of files added in .gitignorefile will be discarded by Git and will not be uploaded/downloaded to/from Git repository

文件中添加的.gitignore文件列表将被 Git 丢弃，不会上传/下载到/从 Git 存储库

Main advantages of putting .envin .gitignore.

把主要的优势.env在.gitignore。

1) The .envfile contains sensitive information about the project. Information like your Database Credentials, You Encryption Key, If your app is using any API then you can have API Keys/Access tokens can be loaded from the .envfile and you might not want those credentials to be accessible to everyone who has access to the project.

1) 该.env文件包含有关该项目的敏感信息。诸如您的数据库凭据、您的加密密钥之类的信息，如果您的应用程序正在使用任何 API，那么您可以从.env文件中加载 API 密钥/访问令牌，并且您可能不希望有权访问该项目的每个人都可以访问这些凭据.

2) The .envfile contains specific settings which you might not want to have same on Production and Development Environment

2) 该.env文件包含您可能不希望在生产和开发环境中具有相同的特定设置

Eg. On Development Environment you may keep APP_DEBUG = truewhere as for Production it's recommended to have APP_DEBUG=false. Similarly if your app is using any API(Payment Gateway) then you will have to use Test API Credentials for Development Environment and Live Credentials(which will result in actual online transaction) for Production Environment which can be managed well through .envfile.

例如。在开发环境中，您可以保留APP_DEBUG = true在生产环境中建议使用APP_DEBUG=false. 同样，如果您的应用程序使用任何 API（支付网关），那么您将必须使用开发环境的测试 API 凭证和生产环境的实时凭证（这将导致实际的在线交易），这些凭证可以通过.env文件进行很好的管理。