Using .gitignore in Laravel Projects: What to Hide and Why

Muhammad Abdullah
Software Engineer & Tech Enthusiast

The First Time I Pushed Everything

When I uploaded my first Laravel app to GitHub, I pushed everything, including the vendor folder, the .env file, and even cache files. A friend immediately messaged me: “Delete that repo now, you just leaked your database password.” That is when I discovered the power of .gitignore. In Laravel, using it properly is not optional, it is survival.

What is .gitignore

The .gitignore file tells Git which files or folders to ignore. This means they will not be tracked, staged, or committed to your repository. It is a simple text file, but it protects you from leaking secrets and keeps your repo clean.

Laravel’s Default .gitignore

When you create a fresh Laravel project, you will see a .gitignore file already included. Some of the default entries are:

/vendor
/node_modules
/public/storage
.env
Homestead.json
Homestead.yaml
.idea

These defaults already prevent common mistakes, like committing your vendor dependencies or your sensitive .env file.

What You Should Ignore in Laravel

How to Use .gitignore in Laravel

If you need to add more files to ignore, just open the .gitignore and add entries line by line. For example:

# Ignore custom IDE files
/.vscode

# Ignore local testing database
/database/database.sqlite

Benefits of Using .gitignore Properly

Pro Tips From Experience

Mistakes to Avoid

  1. Committing .env: This is the fastest way to leak secrets publicly.
  2. Pushing vendor or node_modules: It bloats your repo and is unnecessary.
  3. Ignoring too much: Be careful not to ignore files that actually matter for the project.

The Reality Check

.gitignore is small, but it is one of the most powerful tools in your Laravel project. It keeps your repo clean, your team efficient, and your secrets safe. If you are new to Laravel, master this early, and you will save yourself from embarrassing mistakes later.

Think of .gitignore as your project’s bouncer, keeping the unwanted files out of your Git history. Set it up once, and it protects you every day.