.env Validator

.env File Contents

Summary

0

Total Keys

0

Valid

0

Warnings

0

Errors

0

Duplicates

Validation Results

Paste a .env file and click Validate to see results.

Related Tools

YAML/JSON/TOML Converter

Convert between configuration formats

Chmod Calculator

Calculate Unix file permissions

HTTP Status Codes

Complete HTTP status code reference

dotenv syntax — what goes in a .env file

.env files store configuration as plain key-value pairs, loaded into the process environment at app startup by libraries like dotenv (Node), python-dotenv, godotenv, or Docker's env_file directive.

# Comments start with #
DATABASE_URL=postgres://user:pass@localhost:5432/mydb
API_KEY=sk-abc123

# Values with spaces need quotes
COMPANY_NAME="Acme Corp"

# Values can interpolate other vars (library-dependent)
LOG_DIR=/var/log
LOG_FILE=${LOG_DIR}/app.log

# Multi-line values (library-dependent)
PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA...
-----END RSA PRIVATE KEY-----"

# Empty values
FEATURE_FLAG=

Rules:

Keys: uppercase letters, digits, underscores. No spaces. Convention: UPPER_SNAKE_CASE.
No spaces around =. KEY=value, not KEY = value.
Quote values with spaces or special characters.
Never commit .env to git — always .gitignore it. Commit a .env.example with placeholder values.
Production: use environment variables directly or a secret manager (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault), not .env files.

What the validator catches

Duplicate keys — the last one wins, often silently. Validator flags the override.
Empty values — API_KEY= is usually a bug. Either remove the line or populate.
Unquoted spaces — NAME=John Doe becomes just NAME=John with Doe treated as a new key.
Suspicious secrets — strings matching AWS access key pattern (AKIA...), Stripe keys (sk_live_...), GitHub tokens (ghp_...), JWT tokens.
Placeholder leftovers — values like changeme, TODO, xxx, password, secret.
Windows line endings / BOM — can break parsers that expect LF-only.
Inline comments on value lines — some parsers treat KEY=value # comment as setting KEY to value # comment verbatim.

Frequently Asked Questions

How do I validate a .env file for errors?

Paste your `.env` contents. The validator catches duplicate keys, empty values, invalid syntax (unquoted values with spaces), Windows line endings, BOMs, and placeholder strings like `CHANGE_ME` or `TODO`. Also flags secrets that look suspicious (leaked tokens, real-looking API keys).

What syntax does a valid .env file use?

Lines are `KEY=value`. Keys: uppercase letters, digits, underscores. Values with spaces or special chars must be quoted: `NAME="John Doe"`. Comments start with `#`. No spaces around `=`. Supports dotenv conventions used by Node.js, Python, Ruby and Docker.

Does this .env validator check for secret leaks?

Yes. It scans for strings matching common secret formats (AWS access keys, Stripe keys, GitHub tokens, JWT patterns) and warns. Also flags weak placeholder defaults like `password` or `changeme` that are often forgotten in production.

Is my .env content sent anywhere?

No. Everything runs in your browser — your secrets never leave your device. Safe to paste real production `.env` files for validation.

How is .env different from environment variables or config files?

`.env` files hold key-value pairs loaded into process environment at startup, traditionally via dotenv libraries. They're plain text (never commit to git). Config files (YAML/JSON/TOML) are structured and usually committed. Environment variables live in the OS and override both.

dotenv syntax — what goes in a .env file

What the validator catches

Frequently Asked Questions

Related Developer Tools

Legal

Company

Get in touch