@anjanesh it's mostly recommended for development. There used to be a notice on Laravel's documentation page:
phpdotenv is made for development environments, and generally should not be used in production. In production, the actual environment variables should be set so that there is no overhead of loading the .env file on each request.
I guess they've removed that since they now have an
.env encryption helper for even adding the file to git, and they cache the values so the file isn't read every request. But still, reading environment variables directly from the real environment (the server) is best practice and most secure.
While I'm here, @sean, any updates on a timeline for this? Thank you.