A few months ago a teammate accidentally pasted production AWS credentials
into an online JSON formatter. Nothing happened — but it could have.
That moment stuck with me. How many times had I pasted a JWT, a .env file,
or a Dockerfile into some random tool without thinking about it? Those sites
are free because they can afford to be. Your data might be the product.
So I stopped using them and built my own: DevsTool.
What it is
DevsTool is a collection of 19 developer and
DevOps utilities that run entirely in your browser. No backend, no accounts,
no data collection. The only thing that ever leaves your machine is the URL
you're on.
The tools I use most as a DevOps engineer
K8s Manifest Generator
Fill in a form — name, image, replicas, resource limits, env vars — and get
a ready-to-apply Deployment + Service YAML. Handles ConfigMap, Ingress, and
HPA too. No more copying boilerplate from Stack Overflow.
CIDR / Subnet Calculator
Enter a CIDR block like 10.0.0.0/24 and instantly see the network address,
broadcast, first/last host, total IPs, and usable hosts. Has a binary
visualizer showing which bits are network vs host, and an IP-in-range checker.
Essential for VPC planning.
Secret Scanner
Paste any text — code, config, logs — and it scans for 20+ credential
patterns: AWS access keys, GitHub tokens, GCP service account keys, Azure
connection strings, Stripe keys, Discord tokens, and more. All regex, all
client-side.
Log Formatter
Paste JSON logs and it parses them into a structured view with level badges,
timestamps, and expandable JSON payloads. Filter by error/warn/info/debug,
search across lines, and scroll horizontally for long lines. You can also
upload a .log file directly.
Dockerfile Linter
Checks 12 best-practice rules: pinned base images, no apt-get without
--no-install-recommends, COPY over ADD, non-root USER, and more.
Other tools
JSON Formatter (Monaco editor), JWT Decoder, YAML Validator, ENV Parser,
Diff Checker, Markdown Preview, Cron Builder, Git Command Builder,
Base64/URL Encoder, UUID Generator, Timestamp Converter, Port Reference,
HTTP Headers inspector.
How it's built
- Next.js 15 App Router, fully static except the HTTP Headers proxy
- Tailwind CSS v4
- Monaco Editor (via CDN to avoid Turbopack worker bundling issues)
- ⌘K command palette for jumping between tools instantly
- Shareable links — tool state is base64url-encoded in the URL, no server involved
The secret scanner is just a list of compiled regexes run against the input
on every keystroke. The K8s generator is a form that builds a YAML string —
no server, no templating engine.
Why client-side matters
When you paste a JWT into a tool, you're potentially exposing:
- The algorithm and signing key hint
- User IDs, roles, and permissions encoded in the payload
- Token expiry (useful for timing attacks)
When you paste a .env file, you're potentially exposing every secret your
app uses. Running these tools in the browser means the data never travels
over a network. There's nothing to intercept, nothing to log.
The project is open source: github.com/gauravtayade11/devstool
Live: devstool.vercel.app
Would love feedback — especially on what DevOps tools you'd want added next.
Top comments (1)
what tool do you reach for most?