| Field | Value | Copy |
|---|---|---|
| {{ row.label }} | {{ row.value }} |
| Line | Key | Quote | Status | Source | Preview |
|---|---|---|---|---|---|
| {{ row.line }} | {{ row.key }} | {{ row.quoteType }} | {{ row.status }} | {{ row.source }} | {{ row.preview }} |
{{ normalizedYaml }}{{ envText }}{{ iniText }}{{ propertiesText }}| Document | Path | Type | Preview | Copy |
|---|---|---|---|---|
| Doc {{ row.docIndex }} | {{ row.path || '(root)' }} | {{ formatTypeLabel(row.type) }} | {{ row.preview }} |
| Path | Types | Docs | Example |
|---|---|---|---|
| {{ row.path }} | {{ row.types }} | {{ row.docs }} | {{ row.example }} |
| Key | Level | Entropy | Preview | Signals | Copy |
|---|---|---|---|---|---|
| {{ row.key }} | {{ row.level }} | {{ row.entropy }} | {{ row.preview }} | {{ row.reasons }} |
.env files are plain-text configuration lists that keep deploy-specific values out of application code. They usually hold items such as host names, ports, feature flags, tokens, and connection strings, so the same project can run in development, staging, and production without editing the source itself.
This converter turns that text into a browsable configuration model. You can paste environment content or drop a file, inspect what each line became, review warnings about duplicates or unresolved interpolation, and then export the parsed result as YAML, JSON, runtime-style environment text, service INI, or Java properties.
The useful part is not only format conversion. A large configuration file often hides three different problems at once: parsing ambiguity, inconsistent naming, and accidental secret exposure. The page addresses all three by combining a parser trace, flattened path views, schema summaries, a secret-posture table, and a type chart with the converted outputs.
That makes the tool suitable for several practical situations. You might be migrating an older `.env` file into a deployment system that prefers YAML, checking how duplicate keys are resolved before a release, or auditing whether a generated configuration includes credential-like values that should move to managed secret storage.
The important caution is that `.env` behavior is not universal across every ecosystem. This tool exposes its own parser profile, typing rules, duplicate policy, and interpolation options so you can see exactly which interpretation was applied. That transparency is more useful than pretending there is one single authoritative dialect.
Most sessions begin with a paste. As soon as the editor contains parseable content, the summary banner reports how many keys were found, how many scalar values survived parsing, how deep the structure became after typing, and whether the run involved multiline values, interpolation expansion, unresolved references, or secret-like entries.
If the file is small, start with Config Ledger and Parser Trace. Config Ledger tells you what the document looks like after parsing and typing. Parser Trace tells you how each source line was read, whether it was quoted or unquoted, whether it was skipped, and whether a duplicate replaced or preserved an earlier value. That pair usually answers the first operational question: did the parser understand the file the way you expected?
Once the parse looks right, the output tabs become more valuable. YAML and JSON are the clearest normalized views for structured review. Runtime Env, Service INI, and Java Properties are the portability views, useful when the same settings need to be moved into another system that expects flatter key conventions.
Path Atlas and Schema Drift are especially useful when smart typing turns a value into an object or array. Instead of reading a long JSON literal inside one environment variable, you can inspect the derived paths and see the detected types at each location. That makes nested configuration easier to compare, export, and discuss.
Secret Posture is best treated as a review surface, not a verdict. It uses key-name patterns, token length, and entropy to flag entries that look credential-like. A high score does not prove a value is sensitive, and a low score does not make a value safe to publish. It is a fast triage layer for configuration review.
The parser works line by line. Blank lines and full-line comments are ignored, an optional leading export keyword is removed, and the remaining text is split into key and value segments. In strict dotenv mode the separator is =; in compose-style mode the parser also accepts :, which is useful when configuration snippets mix classic `.env` rows with simple colon-separated rows.
Key validation is intentionally narrow. A key must follow the familiar environment-variable pattern of a leading letter or underscore followed by letters, digits, or underscores. If bare-key acceptance is enabled, a line containing only a valid key is stored with a null value. Otherwise, malformed or separator-less lines are skipped and recorded in the trace table with a warning.
Value handling changes with quoting. Unquoted values are trimmed and can lose inline comments that begin after whitespace. Double-quoted values decode escaped newlines, carriage returns, tabs, quotes, and backslashes, and they can span multiple lines until a closing quote is found. Single-quoted values are treated more literally, which matters because they are not expanded or type-cast in the same way.
Interpolation is deliberate rather than magical. The tool understands $VAR, ${VAR}, ${VAR:-default}, and ${VAR-default}. Expansion can be disabled, limited to keys already parsed from the current text, or widened to runtime environment variables when the execution context exposes them. Missing references can be kept, blanked, or kept with a warning so you can choose between strict cleanup and forensic review.
Typing is also selectable. In smart mode, unquoted or double-quoted values that look like booleans, null, numbers, or JSON literals are converted into those native types. In literal mode, values stay as strings. That choice matters because nested JSON values create deeper paths, affect the type chart, and change how YAML, JSON, INI, and properties outputs are generated.
| Concern | Shipped behavior | Why it matters |
|---|---|---|
| Parser profile | Choose strict dotenv or compose-style parsing. | Lets you handle both classic KEY=value files and simple colon-separated rows. |
| Variable expansion | Disable it, use parsed keys only, or check parsed keys plus runtime environment values when available. | Shows whether a file is self-contained or depends on values defined elsewhere. |
| Duplicate keys | Later values can replace earlier ones, or earlier values can be preserved. | Makes collision handling visible instead of burying it inside parser assumptions. |
| Typing | Smart mode casts booleans, null, numbers, and JSON literals; literal mode keeps strings. | Controls whether the converted outputs behave like typed configuration or raw text. |
| Flattened exports | Generate runtime-style env keys, INI sections, and dotted properties from parsed scalar paths. | Helps move the same configuration into systems that prefer flatter key layouts. |
| Secret review | Score entries with key-name heuristics, entropy, and preview masking. | Provides a quick triage layer before configuration is copied into tickets, docs, or version control. |
The export layer is built from one shared parsed document. YAML output respects indentation, line-width, key sorting, quote forcing, quote style, and anchor suppression. JSON output respects the chosen spacing. Runtime Env can prepend a prefix and force uppercase keys. Service INI derives section names from the first path segment, and Java Properties preserves dotted paths directly.
Path Atlas and Schema Drift come from the same flattening walk. Every scalar location becomes a row with a document index, a path, a detected type, and a preview. Schema Drift groups rows with the same path to show the set of observed types and an example value. The preview can be limited from 50 to 2000 rows, but exports still use the full discovered path set.
Secret Posture is intentionally lightweight. It looks for names containing markers such as secret, token, password, or client_secret, then combines that signal with token entropy and length. Masking changes the preview shown in review tables, but it does not rewrite the converted YAML, JSON, env, INI, or properties outputs.
Everything runs in the browser session. The package has no server-side helper, so pasted text, dropped files, parser traces, and generated outputs stay local unless you deliberately copy or download them.
Config Ledger is the post-parse summary. It tells you the document type, the number of top-level keys, the number of total nested keys, the scalar count, and the maximum depth. In typical use the document count stays at one because the tool parses one pasted file at a time, but nested JSON values can still increase depth and path count substantially.
Parser Trace is the best place to diagnose unexpected output. A row marked Parsed means the line produced a value. Replaced duplicate means a later declaration overwrote an earlier one under the selected policy. Ignored duplicate means the earlier value was preserved. Skipped means the line did not satisfy the parser rules and therefore never entered the model.
The recommendation badges in Secret Posture summarize the highest-priority issues found in the current run. High recommendations usually come from secret-like keys with strong token signals. Medium recommendations often mean unresolved interpolation or duplicate-key collisions. An informational recommendation means the tool did not find obvious secret or interpolation blockers, not that the file is safe for publication.
Path Atlas and Key Shape Map are best used together. Path Atlas shows where values live and how they are named. Key Shape Map shows the volume of value types discovered across the flattened output. If the chart suddenly shifts toward objects and arrays after you enable smart typing, that is a sign your environment file contains JSON payloads that deserve closer review.
The export tabs should be read as alternate presentations of the same parsed state. If something looks wrong in YAML, verify the trace and the underlying parsed value first rather than assuming the formatter changed the meaning.
Paste a short file such as APP_ENV=production, APP_NAME=example, and DB_PORT=5432. In smart mode, the port becomes a number while the names remain strings.
The YAML and JSON tabs become the quickest normalized views, while Runtime Env preserves the flat style for systems that still want classic environment rows.
Suppose the file contains DB_HOST=db and DATABASE_URL=postgres://${DB_HOST:-localhost}:5432/app. With variable expansion set to use parsed keys, the URL is expanded from the current document.
If DB_HOST is missing, the default segment is used. If you change missing-reference behavior to warn, the trace and warning list make that dependency visible.
If a file declares the same key twice, the trace will show whether the later value replaced the earlier one or was ignored under first-value policy. If the repeated key looks like a credential, Secret Posture will usually rank it above ordinary settings.
That combination is useful during release review because collisions and secret sprawl often appear together in older environment files.
No server-side helper is present for this package. Parsing, conversion, and review happen in the browser session.
No. The parser is explicit about the rules it supports, and that is why the page exposes profile, interpolation, typing, and duplicate controls instead of hiding them.
It converts recognizable booleans, null, numbers, and JSON literals into native values. Literal mode leaves everything as text.
You choose the policy. Either the first declaration wins and later duplicates are ignored, or later declarations replace earlier ones. The trace records whichever policy was used.
No. Masking changes review previews. The generated YAML, JSON, env, INI, and properties outputs still contain the parsed values.
The tool parses one pasted environment document at a time. Nested JSON values can still create many paths inside that single document.
$VAR with a value from the current document or another available source.