Hide passwords in Laravel’s whoops output

By default, Laravel’s whoops output displays passwords and other sensitive variables in your env file on-screen. How to keep it hidden from the screen? In Laravel there is a new feature for this. It allows you to blacklist the variables on config/app.php under debug_blacklist. If an exception is thrown you can mask these values with asterisks instead of each character.


return [



    // ...


   
'debug_blacklist' => [
    '_ENV' =>[
           'APP_KEY',
           'DB_PASSWORD',
           'REDIS_PASSWORD',
           'MAIL_PASSWORD',
           'PUSHER_APP_KEY',
           'PUSHER_APP_SECRET',
        ],
        '_SERVER' =>[
           'APP_KEY',
           'DB_PASSWORD',
           'REDIS_PASSWORD',
           'MAIL_PASSWORD',
           'PUSHER_APP_KEY',
           'PUSHER_APP_SECRET',
        ],
        '_POST' =>[
           'password',
        ],
    ],
];


To keep every variables of env file hidden use the following code.


'debug_blacklist' =>[
        '_COOKIE' =>array_keys($_COOKIE),
        '_SERVER' =>array_keys($_SERVER),
        '_ENV' =>array_keys($_ENV),        


	],