Using .gitignore in Laravel Projects: What to Hide and Why

The First Time I Pushed Everything

When I uploaded my first Laravel app to GitHub, I pushed everything, including the vendor folder, the .env file, and even cache files. A friend immediately messaged me: “Delete that repo now, you just leaked your database password.” That is when I discovered the power of .gitignore. In Laravel, using it properly is not optional, it is survival.

What is .gitignore

The .gitignore file tells Git which files or folders to ignore. This means they will not be tracked, staged, or committed to your repository. It is a simple text file, but it protects you from leaking secrets and keeps your repo clean.

Laravel’s Default .gitignore

When you create a fresh Laravel project, you will see a .gitignore file already included. Some of the default entries are:

/vendor
/node_modules
/public/storage
.env
Homestead.json
Homestead.yaml
.idea

These defaults already prevent common mistakes, like committing your vendor dependencies or your sensitive .env file.

What You Should Ignore in Laravel

• .env: Always ignore this file, it contains your database, mail, and API credentials.
• /vendor: Composer dependencies should not be pushed to Git, they are installed with composer install.
• /node_modules: NPM dependencies should also be installed locally, not committed.
• Cache and Logs: Files in /storage/framework/cache and /storage/logs should stay local.
• Compiled files: /bootstrap/cache should be ignored, as these are regenerated automatically.

How to Use .gitignore in Laravel

If you need to add more files to ignore, just open the .gitignore and add entries line by line. For example:

# Ignore custom IDE files
/.vscode

# Ignore local testing database
/database/database.sqlite

Benefits of Using .gitignore Properly

• Security: Prevents sensitive files like .env from leaking.
• Clean Repos: Keeps your GitHub repo free of unnecessary clutter.
• Team Productivity: Everyone installs dependencies locally, keeping repos lightweight.
• Professionalism: Shows you understand Git best practices in real-world projects.

Pro Tips From Experience

• Use git rm --cached file if you accidentally committed something that should be ignored.
• Keep your .gitignore consistent across projects, especially in teams.
• If you need to share environment settings safely, use .env.example instead of the real .env.
• Review your repo before pushing to make sure sensitive files are not included.

Mistakes to Avoid

1. Committing .env: This is the fastest way to leak secrets publicly.
2. Pushing vendor or node_modules: It bloats your repo and is unnecessary.
3. Ignoring too much: Be careful not to ignore files that actually matter for the project.

The Reality Check

.gitignore is small, but it is one of the most powerful tools in your Laravel project. It keeps your repo clean, your team efficient, and your secrets safe. If you are new to Laravel, master this early, and you will save yourself from embarrassing mistakes later.

Think of .gitignore as your project’s bouncer, keeping the unwanted files out of your Git history. Set it up once, and it protects you every day.