.env to Docker Compose Converter
Convert your .env file to Docker Compose format. Choose between inline environment variables or an env_file reference. Use the converter above, then follow this guide for production best practices.
.env to Docker/K8s Converter
Convert .env files to Docker Compose environment blocks, Kubernetes ConfigMaps, Secrets, or docker run flags. Sensitive keys are detected automatically. Validate your .env first →
Output Format Reference
| Format | Use Case | Sensitive Data? |
|---|---|---|
| Docker Compose (inline) | Variables directly in docker-compose.yml | Not recommended — values visible in file |
| Docker Compose (env_file) | Reference .env file from compose | Better — .env excluded from VCS via .gitignore |
| K8s ConfigMap | Non-sensitive config in Kubernetes | Not for secrets — data is plain text |
| K8s Secret (base64) | Standard K8s secrets (base64 encoded) | Base64 is encoding, not encryption — use RBAC + encryption at rest |
| K8s Secret (stringData) | Human-readable secrets (auto-encoded by K8s) | Same security as data: — encoded on apply |
| docker run -e | One-off container runs with env vars | Visible in process list — avoid for secrets |
Inline environment vs env_file
Docker Compose supports two ways to pass environment variables. The 'environment' key lists variables directly in docker-compose.yml as KEY: VALUE pairs. The 'env_file' key references an external .env file. Inline is convenient for non-sensitive config that should be version-controlled. env_file is better for secrets because you can .gitignore the file. You can use both together — inline values override env_file values for the same key.
# Inline environment
services:
app:
image: node:20
environment:
NODE_ENV: production
PORT: 3000
# env_file reference
services:
app:
image: node:20
env_file:
- .env
- .env.localVariable interpolation in Compose
Docker Compose supports variable substitution using ${VARIABLE} syntax in the YAML file itself. Variables are resolved from the shell environment or a .env file in the project root (not the env_file directive). You can set defaults with ${VARIABLE:-default} and require values with ${VARIABLE:?error message}. This is useful for per-environment configuration without changing the compose file.
services:
db:
image: postgres:${POSTGRES_VERSION:-16}
environment:
POSTGRES_DB: ${DB_NAME}
POSTGRES_PASSWORD: ${DB_PASSWORD:?Set DB_PASSWORD in .env}Security best practices
Never commit secrets to docker-compose.yml. Use env_file with .gitignore for local development. For production, use Docker Swarm secrets, external secret managers (Vault, AWS Secrets Manager), or build-time --secret mounts. The converter detects sensitive keys like passwords, tokens, and API keys and flags them in the output.
Frequently Asked Questions
Should I use environment or env_file in Docker Compose?
Use 'environment' for non-sensitive config you want visible in the compose file (NODE_ENV, PORT). Use 'env_file' for secrets (passwords, API keys) so they stay out of version control. You can combine both — inline values take precedence over env_file for duplicate keys.
Does Docker Compose automatically read .env files?
Yes. Docker Compose reads a .env file in the project root for variable substitution in the YAML file (${VAR} syntax). This is separate from the env_file directive, which passes variables to the container. The root .env is for compose-time interpolation; env_file is for container runtime environment.
Related Convert Tools
CSV ↔ JSON Converter
Convert between CSV and JSON formats with custom delimiters
URL Encoder & Decoder
Encode and decode URLs with encodeURIComponent and encodeURI
JSON ↔ YAML Converter
Convert between JSON and YAML for Kubernetes, Docker, and CI/CD configs
HTML Entity Encoder
Encode and decode HTML entities, special characters, and symbols