I'm a full stack web developer who has been freelancing for the last 20 years. I write about everything from development to production and also have video courses on my site!
That's pretty dangerous advice because it depends on how you configure your application.
I personally commit .env files because they don't contain sensitive information and typically having settings important to being able to start up my app in development. I have a feeling just about anyone using Docker Compose would also commit .env files too since it's used for setting your project name.
I reserve .env.prod or other environment specific files for sensitive API keys and other things I wouldn't want to commit.
Striving to become a master Go/Cloud developer; Father ๐จโ๐งโ๐ฆ; ๐ค/((Full Stack Web|Unity3D) + Developer)/g; Science supporter ๐ฉโ๐ฌ; https://coder.today
I'm a full stack web developer who has been freelancing for the last 20 years. I write about everything from development to production and also have video courses on my site!
I just mean putting it into your main .gitignore file is dangerous because you run the risk of not committing essential settings to make your project work if it depends on .env being around.
Using --force every time they want to add a file isn't a viable solution IMO. That's a command you might run 50 times a day.
In other words, you should add .env on a per project basis when your project may have .env files that contain sensitive info, just like you would want to ignore any other files that have sensitive data.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
That's pretty dangerous advice because it depends on how you configure your application.
I personally commit
.envfiles because they don't contain sensitive information and typically having settings important to being able to start up my app in development. I have a feeling just about anyone using Docker Compose would also commit.envfiles too since it's used for setting your project name.I reserve
.env.prodor other environment specific files for sensitive API keys and other things I wouldn't want to commit.It is not dangerous and also .env.prod is very specific.
You can always commit the files from gitignore, but you have to do it explicitly, so you avoid mistakes
--force.I just mean putting it into your main
.gitignorefile is dangerous because you run the risk of not committing essential settings to make your project work if it depends on.envbeing around.Using
--forceevery time they want to add a file isn't a viable solution IMO. That's a command you might run 50 times a day.In other words, you should add
.envon a per project basis when your project may have.envfiles that contain sensitive info, just like you would want to ignore any other files that have sensitive data.