How to use the .env / Properties / JSON / YAML Converter
Convert environment variables between formats every modern stack uses: .env, JSON, YAML, Java .properties, Docker Compose environment:, and Kubernetes ConfigMap / Secret. Useful when moving config between Node, Spring, Python, and container platforms, or when sharing dev config safely with teammates. Optional secret masking redacts values whose key looks sensitive (SECRET, TOKEN, PASSWORD, KEY) before export. Runs locally; nothing is uploaded.
What it does
- Converts between .env, JSON, YAML, .properties, Docker Compose, and Kubernetes ConfigMap / Secret.
- Auto-detects the input format.
- Handles quoted values, multi-line values, comments, and inline
# in values.
- Mask secrets by key heuristic (
SECRET, TOKEN, PASSWORD, KEY, PRIVATE).
- Base64-encode values for Kubernetes
Secret stringData / data fields.
- Strip comments and empty lines on export.
When to use it
- Share dev config with a teammate without exposing secrets.
- Migrate a Node.js service to Spring (
.env → .properties).
- Produce a Kubernetes
ConfigMap or Secret from a working .env.
- Embed config inside
docker-compose.yml under environment:.
- Convert config from a tool that exports JSON to a runtime that expects YAML.
- Redact a config snippet before pasting into a ticket, PR, or chat.
How to use it
- Paste your existing config — the converter auto-detects whether it is .env, JSON, YAML, or .properties.
- Pick the output format: JSON, YAML, .env, .properties, Docker Compose, Kubernetes ConfigMap / Secret.
- Toggle Mask secrets when sharing with anyone you don't fully trust.
- For Kubernetes Secrets, enable Base64 encoding of values to match the
data: field format.
- Copy or download the result. Drop it straight into your manifest, app config, or PR.
Tips & pitfalls
- Values with spaces must be quoted in
.env: NAME="hello world". The converter handles this automatically.
- Comments (
#) and blank lines are stripped on JSON / YAML output — they have no equivalent.
- Keys are case-sensitive:
DB_HOST and db_host are different keys.
- For Kubernetes Secrets, the
data: field requires Base64; stringData: accepts plain values.
- Never commit real secrets to a repo. Use a secret manager (AWS Secrets Manager, GCP Secret Manager, Vault) and mount at runtime.
- Mask is a heuristic — it can miss custom-named secrets. Review the export before sharing.
FAQ
- How do I convert .env to JSON? Paste the
.env content, pick JSON output, and copy the result.
- How do I convert .env to a Kubernetes ConfigMap? Pick ConfigMap as the output — the tool emits a YAML manifest with
data: entries.
- How do I create a Kubernetes Secret from .env? Pick Secret as the output. Enable Base64 encoding for the
data: field, or use stringData: for plain values.
- Does the converter handle multi-line values? Yes — quoted multi-line strings and YAML block scalars are preserved.
- Is my config uploaded? No. All conversion runs in your browser.
- What does Mask secrets do? It replaces values for keys matching
SECRET, TOKEN, PASSWORD, KEY, etc. with **** so you can share the structure without leaking values.
Runs locally in your browser. No uploads. Mask secrets before sharing — store real secrets in a vault, not in source control.
