.env to Kubernetes ConfigMap Converter
Convert your .env file to a Kubernetes ConfigMap manifest. Use the converter above to generate the YAML, then follow this guide to apply it correctly in your cluster.
.env to Docker/K8s Converter
Convert .env files to Docker Compose environment blocks, Kubernetes ConfigMaps, Secrets, or docker run flags. Sensitive keys are detected automatically. Validate your .env first →
Output Format Reference
| Format | Use Case | Sensitive Data? |
|---|---|---|
| Docker Compose (inline) | Variables directly in docker-compose.yml | Not recommended — values visible in file |
| Docker Compose (env_file) | Reference .env file from compose | Better — .env excluded from VCS via .gitignore |
| K8s ConfigMap | Non-sensitive config in Kubernetes | Not for secrets — data is plain text |
| K8s Secret (base64) | Standard K8s secrets (base64 encoded) | Base64 is encoding, not encryption — use RBAC + encryption at rest |
| K8s Secret (stringData) | Human-readable secrets (auto-encoded by K8s) | Same security as data: — encoded on apply |
| docker run -e | One-off container runs with env vars | Visible in process list — avoid for secrets |
ConfigMap basics
A Kubernetes ConfigMap stores non-confidential configuration data as key-value pairs. Pods consume ConfigMaps as environment variables (envFrom or env with valueFrom), command-line arguments, or mounted config files in a volume. ConfigMaps are namespace-scoped and limited to 1 MiB of data. They are not encrypted — use Secrets for sensitive values.
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
namespace: production
data:
NODE_ENV: "production"
PORT: "3000"
LOG_LEVEL: "info"Consuming ConfigMaps in Pods
Use envFrom to inject all ConfigMap keys as environment variables, or env with valueFrom.configMapKeyRef for individual keys. For file-based config, mount as a volume. envFrom is the fastest way to convert a .env workflow to Kubernetes — one line replaces dozens of individual env entries.
spec:
containers:
- name: app
image: myapp:latest
# Inject all keys as env vars
envFrom:
- configMapRef:
name: app-config
# Or pick individual keys
env:
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: app-config
key: DB_HOSTConfigMap vs Secret
Use ConfigMap for non-sensitive data: feature flags, log levels, service URLs, port numbers. Use Secret for passwords, tokens, certificates, and API keys. The converter auto-detects sensitive key names and flags them. In practice, many teams start with a ConfigMap for everything and gradually split sensitive values into Secrets as they harden their deployment.
Frequently Asked Questions
When should I use a ConfigMap instead of a Secret?
Use ConfigMap for non-sensitive configuration: ports, URLs, feature flags, log levels. Use Secret for passwords, API keys, tokens, and certificates. ConfigMap data is stored in plain text in etcd, while Secret data is base64-encoded (and can be encrypted at rest with EncryptionConfiguration).
How do I update a ConfigMap without restarting pods?
If the ConfigMap is mounted as a volume, Kubernetes automatically updates the files (with a delay of up to the kubelet sync period, typically 60s). For environment variables, pods must be restarted — use 'kubectl rollout restart deployment/myapp'. Tools like Reloader or stakater/Reloader can automate restarts on ConfigMap changes.
Related Convert Tools
CSV ↔ JSON Converter
Convert between CSV and JSON formats with custom delimiters
URL Encoder & Decoder
Encode and decode URLs with encodeURIComponent and encodeURI
JSON ↔ YAML Converter
Convert between JSON and YAML for Kubernetes, Docker, and CI/CD configs
HTML Entity Encoder
Encode and decode HTML entities, special characters, and symbols