Use of .env variables in production

Question

I'm a bit confused what's a good/secure way to work with .env on production.

I'm using the vlucas/phpdotenvpackage, which is also used by Laravel. This package stores the variables to $_ENV and $_SERVER (is that secure?). This topic states that using .env is secure, but is that true when using the package as well?

However, I read that Laravel uses that one-time to cache the config. In my PHP application, I don't have access to Laravel so I can't use that approach.
As stated here, phpdotenv should not be used on production.

How to configure the production environment in that case?
SetEnv? Or perhaps any possibilities via deployment scripts? (e.g. via GitLab pipelines). And is some encryption needed?