Is it recommended to encrypt the .env file or the passwords inside .env file?
Because they don't want the database passwords to be in plain text. They said that it is for security reasons. I am using laravel and the user does only have access in public folder. I've already hidden the phpinfo.php file.
Thanks
You can set an encrypted string as password in the '.env' file and decrypt it in your code. But I don't think that it will increase the security level on your system.
Much more important is to set the right configuration on the server (permissions, file locations, etc.). You could disable things likephpinfo() and instead of .env, you could use php-fpm pool conf and protect the file from only being viewed by root .