DevBolt
Processed in your browser. Your data never leaves your device.

How do I convert a .env file to Docker Compose or Kubernetes YAML?

Paste your .env file and select an output format: Docker Compose inline environment, Docker Compose env_file reference, Kubernetes ConfigMap, Kubernetes Secret (base64 or stringData), or docker run -e flags. The tool parses KEY=VALUE pairs, strips quotes, detects sensitive keys (passwords, tokens, API keys), and generates valid YAML or shell commands. Everything runs in your browser — your secrets never leave your device.

.env to Docker/K8s Converter

Convert .env files to Docker Compose environment blocks, Kubernetes ConfigMaps, Secrets, or docker run flags. Sensitive keys are detected automatically. Validate your .env first →

Samples:
Ctrl+Enter

Output Format Reference

FormatUse CaseSensitive Data?
Docker Compose (inline)Variables directly in docker-compose.ymlNot recommended — values visible in file
Docker Compose (env_file)Reference .env file from composeBetter — .env excluded from VCS via .gitignore
K8s ConfigMapNon-sensitive config in KubernetesNot for secrets — data is plain text
K8s Secret (base64)Standard K8s secrets (base64 encoded)Base64 is encoding, not encryption — use RBAC + encryption at rest
K8s Secret (stringData)Human-readable secrets (auto-encoded by K8s)Same security as data: — encoded on apply
docker run -eOne-off container runs with env varsVisible in process list — avoid for secrets
Related:.env Validator·Docker Compose Validator·Kubernetes Validator·Dockerfile Validator·YAML Formatter

Frequently Asked Questions

How do I convert a .env file to a Kubernetes ConfigMap?
Paste your .env file, select 'Kubernetes ConfigMap' as the output format, set the resource name and optional namespace, then click Convert. The tool parses all KEY=VALUE pairs and generates a valid ConfigMap YAML with apiVersion, kind, metadata, and data fields. Sensitive keys (passwords, secrets, tokens) are flagged with a comment suggesting you use a Kubernetes Secret instead.
What is the difference between Kubernetes Secret data and stringData?
The 'data' field requires values to be base64-encoded (the format Kubernetes stores internally). The 'stringData' field accepts plain text values that Kubernetes automatically base64-encodes when the manifest is applied. Both are equivalent at runtime. Use stringData for readability during development and data for CI/CD pipelines that pre-encode values. Note that base64 is encoding, not encryption — always enable encryption at rest for production Secrets.
Does the tool detect sensitive environment variables?
Yes. The converter scans key names against 20+ patterns including PASSWORD, SECRET, TOKEN, API_KEY, PRIVATE_KEY, DATABASE_URL, JWT_SECRET, STRIPE_KEY, and AWS_SECRET. When you use the ConfigMap format, detected sensitive keys are flagged in a comment block suggesting migration to a Secret. A count of sensitive keys appears in the stats bar after conversion.
Can I use the output directly in my Docker Compose or Kubernetes project?
Yes. The generated YAML and shell commands are valid and ready to paste into your project files. Docker Compose output includes the services: block structure. Kubernetes output includes apiVersion, kind, and metadata fields. The docker run output generates a complete command with -e flags. You may need to adjust the service name, resource name, namespace, or image name to match your project.

Related Convert Tools

CSV

CSV ↔ JSON Converter

Convert between CSV and JSON formats with custom delimiters

%20

URL Encoder & Decoder

Encode and decode URLs with encodeURIComponent and encodeURI

YML

JSON ↔ YAML Converter

Convert between JSON and YAML for Kubernetes, Docker, and CI/CD configs

&;

HTML Entity Encoder

Encode and decode HTML entities, special characters, and symbols