# App Debug Hide Analyzer

Category Severity Time To Fix
🛡️ Security ⚠️ Critical 5 minutes

Class: Enlightn\Enlightn\Analyzers\Security\AppDebugHideAnalyzer

# Introduction

This analyzer confirms whether your application hides sensitive environment variables while in debug mode and in a non-local environment.

If your application is in production and debug mode is on, the security risk is critical. Refer App Debug Analyzer for more details.

If your application is in a staging environment, it may be fine to turn on debug mode but you must hide all sensitive environment variables.

# How To Fix

Refer the Laravel documentation on Hiding Environment Variables From Debug Pages (opens new window) to fix this issue. Note that depending on your Laravel version, the name of the configuration parameter may differ, so be sure to visit the Laravel docs for the version of Laravel your application is using.

# Skip Condition

This analyzer is skipped if your application does not have the filp/whoops package installed.