Env Example Generator

How to use

1. 1Paste your real .env file into the input box, or click Load sample to start with an example that contains typical secrets.
2. 2Choose how redacted values are replaced: a smart placeholder inferred from the key, an empty value for a strict template, or a fixed token.
3. 3Turn on Keep safe config values to carry over non-secret settings like NODE_ENV and PORT, and add any keys you are sure are safe to the keep-real list.
4. 4Optionally add type and required hints, keep the export prefix, or uppercase keys to tidy the template.
5. 5Read the .env.example on the right and check the redacted and kept counts to confirm nothing sensitive remains.
6. 6Click Copy or Download .env.example, then commit the file to your repository. Everything stays in your browser.

About this tool

Env Example Generator turns a real, secret-filled .env file into a safe .env.example template you can commit to version control. The twelve-factor convention is to keep secrets out of the repository and check in an example file instead, so a new teammate can copy it to .env and fill in their own values. Producing that example by hand is tedious and risky: it is easy to leave a live API key or database password in the file you push. This tool does the redaction for you. Paste your real .env and read back a version where every value has been replaced with a placeholder, while the structure of the file stays intact. It is a distinct job from the other dotenv tools here: the .env file formatter tidies a single file in place, the .env to JSON converter changes the format, and the dotenv diff checker compares two files, while this one strips the values and hands you a committable template. The parser recognizes the practical subset of dotenv syntax that dotenv-node, python-dotenv, pydantic-settings, viper, docker compose, and GitHub Actions all accept: KEY=value lines with an optional export prefix, double-quoted values with escape sequences, single-quoted literal values, unquoted values, blank lines, full-line comments, and end-of-line comments after unquoted values. A hash that follows whitespace begins a comment while a hash glued to the value is kept, matching how real loaders behave. Comments and blank lines are preserved, so the example reads like documentation rather than a bare list of keys. You choose how redacted values are replaced. Empty mode produces strict KEY= lines for a minimal template. Token mode fills every redacted value with the same marker, such as your_value_here, so a forgotten entry is easy to spot. Smart mode looks at the key name and the shape of the real value to build a descriptive placeholder: a DATABASE_URL gets a sample postgres connection string, a key with URL in the name gets a sample URL, a PORT keeps a number, a boolean flag keeps true or false, an email key gets you@example.com, and a credential key such as a Stripe, JWT, OAuth, or session secret gets an obviously fake stand-in. Keys whose names read like a credential, including SECRET, TOKEN, PASSWORD, API_KEY, PRIVATE, JWT, and DSN, are always redacted and can never be carried over by accident. Configuration values that are not sensitive, such as NODE_ENV, PORT, LOG_LEVEL, and feature flags, can optionally be kept as useful defaults, and you can add any specific key to a keep-real list to preserve its value, except for names that look like secrets. An optional setting inserts a short type and required note above each variable so a teammate knows what to enter, and you can normalize the export prefix and uppercase keys to the conventional SCREAMING_SNAKE_CASE. A live count shows how many variables were redacted versus kept. Everything runs as local string operations in your browser; the real secrets you paste are never uploaded, logged, or stored. Review the output before committing, since redaction is based on common naming patterns and a secret stored under an unusual key name may need to be cleared by hand.

Free to use. Works in your browser. No signup, no login.