Hiding Environment Variables From Debug Pages

When an exception is uncaught and the APP_DEBUG environment variable is true, the debug page will show all environment variables and their contents. In some cases you may want to obscure certain variables. You may do this by updating the debug_blacklist option in your config/app.php configuration file.

Some variables are available in both the environment variables and the server / request data. Therefore, you may need to blacklist them for both $_ENV and $_SERVER:

return [

    // ...

    'debug_blacklist' => [
        '_ENV' => [
            'APP_KEY',
            'DB_PASSWORD',
        ],

        '_SERVER' => [
            'APP_KEY',
            'DB_PASSWORD',
        ],

        '_POST' => [
            'password',
        ],
    ],
];

Configuration

• Introduction
• Environment Configuration
• Retrieving Environment Configuration
• Hiding Environment Variables From Debug Pages
• This is a test articles 1