How to hide .env passwords in Laravel whoops output?

Question

How can I hide my passwords and other sensitive environment variables on-screen in Laravel\'s whoops output?

Sometimes other people are looking at my development wor

Answer 1

Thanks Jeff and Raheel for helping out, but I just found a little gotcha:

Even if I clear out all environment keys from _ENV, the same keys are STILL exposed through the _SERVER variables listed.

Adding the code below in config/app.php would hide all environment variables from the whoops page:

'debug_blacklist' => [
        '_SERVER' => array_keys($_ENV),
        '_ENV' => array_keys($_ENV),        
],