"then why do we use .env files to set environment variables in the first place?" other larger teams use multiple place to put their app, like local development, staging server, integration server and production server. It is generally easier to set and track just specific the environment variables in .env itself, instead of configuring it one by one in those multiple environments.

"If I did what phpdotenv say, and remove the use of .env in production, then where would I put my DB credentials etc?" if you are using php-fpm, you can use this https://www.digitalocean.com/community/questions/setting-envir... if apache, this one could be useful http://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv in cloud platforms however, they have their own way (some of them) in setting these values. so check for their respective docs.

i think i just assume that if .env file is not present, the one that will be read out is the one you had set in the servers config values i mentioned above. so the quick answer might be -- just dont put .env file at all in yout production servers, and just set your values in the server level