Hide Environmental Variables from Laravel Debug Mode

Pankaj Thakur January 31, 2020


In the development phase of our Laravel application, we keep the debug mode on. Doing so helps us track the issues quickly and resolve them fast. It shows the real technical issues to look into. However, when we move our code to the production server which is accessible to all, that’s when we need to take care of the debug mode.

While debug mode is on, a crash in the Laravel application lists all the environment variables on the error page. These variables contain crucial and sensitive information such as database credentials, payment gateway credentials, etc. This information can be used by hackers to access your server and data, so it is of utmost importance that you always keep debug mode off on the production server.

However, sometimes the application is on the production server but still in testing mode, and you would like to keep debug mode on to track issues quickly. In that case you can use the following code to hide these environment variables.

To hide these variables, add the following code to the “config/app.php” file. The following code will replace all environment variables with “*”.

1) To hide all Environmental and Other Important Variables.

'debug_blacklist' => [
    '_COOKIE' => array_keys($_COOKIE),
    '_SERVER' => array_keys($_SERVER),
    '_ENV' => array_keys($_ENV),
    '_POST' => [
        'password',
    ],
],

This code replaces the values of the listed variables with “*”. It hides not just all environment variables but also other sensitive information: all server variables, all cookie variables, and the password field in POST data.

We can also change the code to hide only specific entries from the environment variables, such as the DB and Stripe credentials.

2) To hide specific information from Environmental and Other Important Variables.

'debug_blacklist' => [
    '_ENV' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
        'STRIPE_KEY',
        'STRIPE_SECRET',
    ],
    '_SERVER' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
        'STRIPE_KEY',
        'STRIPE_SECRET',
    ],
    '_POST' => [
        'password',
    ],
],

This code replaces only the specified variables with “*”.
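A fixed list like the one in option 2 only covers the names you remembered to put in it. The script below is an added example (not part of the original article or of Laravel) that reports variables whose names look like secrets but are missing from the blacklist. The function name, the name pattern and the sample data are assumptions made for illustration, and it assumes the blacklist matches variable names exactly.

```php
<?php
// Added example: audit a debug_blacklist against the variables that exist.
// findUnmaskedSecrets() and $pattern are hypothetical, not Laravel APIs.

/**
 * Return "group.name" for every variable whose name matches $pattern
 * but is not listed in the blacklist for its group.
 */
function findUnmaskedSecrets(array $blacklist, array $superglobals, string $pattern): array
{
    $exposed = [];
    foreach ($superglobals as $group => $values) {
        // Flip to a lookup table: name => index, for exact-name checks.
        $masked = array_flip($blacklist[$group] ?? []);
        foreach (array_keys($values) as $name) {
            if (preg_match($pattern, (string) $name) && !isset($masked[$name])) {
                $exposed[] = $group . '.' . $name;
            }
        }
    }
    return $exposed;
}

// The blacklist from option 2 above.
$secrets = ['APP_KEY', 'DB_PASSWORD', 'REDIS_PASSWORD', 'MAIL_PASSWORD',
            'PUSHER_APP_KEY', 'PUSHER_APP_SECRET', 'STRIPE_KEY', 'STRIPE_SECRET'];
$blacklist = ['_ENV' => $secrets, '_SERVER' => $secrets, '_POST' => ['password']];

// Constructed sample data. On a real host, pass
// ['_ENV' => $_ENV, '_SERVER' => $_SERVER, '_POST' => $_POST] instead.
$sample = [
    '_ENV'    => ['APP_NAME' => 'Demo', 'APP_KEY' => 'x', 'DB_PASSWORD' => 'x',
                  'AWS_SECRET_ACCESS_KEY' => 'x'],
    '_SERVER' => ['REQUEST_URI' => '/', 'DB_PASSWORD' => 'x', 'MAILGUN_SECRET' => 'x'],
    '_POST'   => ['email' => 'a@example.test', 'password' => 'x',
                  'password_confirmation' => 'x'],
];

// Assumed heuristic for "looks like a secret"; adjust to your naming scheme.
$pattern = '/(KEY|SECRET|PASSWORD|TOKEN)/i';

foreach (findUnmaskedSecrets($blacklist, $sample, $pattern) as $name) {
    echo "not masked: {$name}\n";
}
```

With the sample data it reports `_ENV.AWS_SECRET_ACCESS_KEY`, `_SERVER.MAILGUN_SECRET` and `_POST.password_confirmation`, none of which the option 2 list covers.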

If you have any queries or doubts about this topic please feel free to contact us. We are here to help you!
