<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Furkan Beydemir</title>
    <description>The latest articles on DEV Community by Furkan Beydemir (@beydemirfurkan).</description>
    <link>https://dev.to/beydemirfurkan</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1402189%2Fb80c41cd-2860-4b5b-b021-5869ce90e2fc.jpeg</url>
      <title>DEV Community: Furkan Beydemir</title>
      <link>https://dev.to/beydemirfurkan</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/beydemirfurkan"/>
    <language>en</language>
    <item>
      <title>I scanned my own laptop for leaked secrets and found 62,311 of them</title>
      <dc:creator>Furkan Beydemir</dc:creator>
      <pubDate>Wed, 01 Jul 2026 17:18:16 +0000</pubDate>
      <link>https://dev.to/beydemirfurkan/i-scanned-my-own-laptop-for-leaked-secrets-and-found-62311-of-them-3gp6</link>
      <guid>https://dev.to/beydemirfurkan/i-scanned-my-own-laptop-for-leaked-secrets-and-found-62311-of-them-3gp6</guid>
      <description>&lt;p&gt;Last week I got a little paranoid about how much sensitive data my AI&lt;br&gt;
coding tools were writing to disk. So I built a scanner and pointed it at&lt;br&gt;
my own home directory.&lt;/p&gt;

&lt;p&gt;Here's what it found on a completely normal workday:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight console"&gt;&lt;code&gt;&lt;span class="gp"&gt;$&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;keynv doctor
&lt;span class="go"&gt;
  !  zsh history                 5 likely secrets across 1 file
  !  Claude Code transcripts     62,306 likely secrets across 73 files
  ·  Cursor logs                 clean

  Total: 62,311 likely secrets across 74 files.

  Top patterns:
    aws-access-key-id       90
    openai-api-key          81
    github-pat-classic      59
    jwt                     59
    slack-webhook           45
    stripe-live-secret-key  34
    postgres-uri            515
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;62,311. In plaintext. On disk. On one developer's machine.&lt;/p&gt;

&lt;h2&gt;
  
  
  "But I use a secrets manager"
&lt;/h2&gt;

&lt;p&gt;So do I. It made zero difference here — and that's the whole point.&lt;/p&gt;

&lt;p&gt;Vault, Doppler, 1Password, Infisical... these tools all solve one problem&lt;br&gt;
extremely well: &lt;strong&gt;where you store a secret at rest&lt;/strong&gt;. That machine above&lt;br&gt;
would pass any of their audits clean.&lt;/p&gt;

&lt;p&gt;But a secret's life doesn't end at storage. At some point it gets&lt;br&gt;
&lt;em&gt;resolved&lt;/em&gt; into a real value and used — and the moment it touches a&lt;br&gt;
&lt;strong&gt;runtime text surface&lt;/strong&gt;, storage-era tooling stops protecting it. Those&lt;br&gt;
surfaces are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;your shell history (&lt;code&gt;~/.zsh_history&lt;/code&gt;)&lt;/li&gt;
&lt;li&gt;your terminal's stdout&lt;/li&gt;
&lt;li&gt;CI logs&lt;/li&gt;
&lt;li&gt;and — the big new one — your &lt;strong&gt;AI agent's transcript&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;
  
  
  Why AI agents made this so much worse
&lt;/h2&gt;

&lt;p&gt;Claude Code stores every session as JSONL. Cursor keeps logs. These tools&lt;br&gt;
faithfully record every command they run and every byte of output they&lt;br&gt;
see. That's a feature — it's how they keep context.&lt;/p&gt;

&lt;p&gt;It also means every time the agent:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;cat&lt;/code&gt;s a &lt;code&gt;.env&lt;/code&gt; file&lt;/li&gt;
&lt;li&gt;hits a connection error containing a &lt;code&gt;postgres://user:password@host&lt;/code&gt; URI&lt;/li&gt;
&lt;li&gt;echoes an API key into a stack trace&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;...that secret gets written to disk in plaintext, in a file you forgot&lt;br&gt;
exists. 62,306 of my 62,311 leaks lived in exactly these transcripts.&lt;/p&gt;
&lt;h2&gt;
  
  
  What I built
&lt;/h2&gt;

&lt;p&gt;I ended up building an open-source tool called &lt;strong&gt;keynv&lt;/strong&gt; around two ideas.&lt;/p&gt;
&lt;h3&gt;
  
  
  1. Alias-first resolution
&lt;/h3&gt;

&lt;p&gt;Instead of putting the real value anywhere, you reference an alias:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# .keynv.env  (safe to commit — it holds aliases, never values)&lt;/span&gt;
&lt;span class="nv"&gt;OPENAI_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;@demo.dev.openai-key
&lt;span class="nv"&gt;DATABASE_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;@demo.prod.db-url
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then you wrap your command:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;keynv &lt;span class="nb"&gt;exec&lt;/span&gt; &lt;span class="nt"&gt;--&lt;/span&gt; npm run dev
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;code&gt;keynv exec&lt;/code&gt; resolves each &lt;code&gt;@alias&lt;/code&gt; to its real value &lt;strong&gt;inside a&lt;br&gt;
privileged subprocess your AI agent's process tree can't read&lt;/strong&gt;, and forks&lt;br&gt;
your command with the real environment. Your shell, your editor, and the&lt;br&gt;
agent driving the terminal only ever see the alias literal:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;your code:          keynv exec -- mysql -p@billing.prod.db_password
                                      │
                                      ▼
the AI agent sees:  "@billing.prod.db_password"   (just the alias)
the database sees:  the actual password           (decrypted out of reach)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  2. Text-surface scrubbing
&lt;/h3&gt;

&lt;p&gt;For the secrets that leak the old-fashioned way (a copied error, a&lt;br&gt;
&lt;code&gt;cat .env&lt;/code&gt; you ran by hand), keynv monitors and cleans the surfaces&lt;br&gt;
directly:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Command&lt;/th&gt;
&lt;th&gt;What it does&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;keynv doctor&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Read-only scan — counts likely leaks, never prints raw values&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;keynv scrub&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Atomic in-place rewrite with &lt;code&gt;.bak&lt;/code&gt; backups&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;keynv shell install&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Regex history hook — scrubs before a command lands in history&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;keynv watch start&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;chokidar daemon — scrubs live agent sessions in real time&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The two layers compose: aliases stop leaks before they land, scrubbing&lt;br&gt;
catches the ones that slip through.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it on your own machine (30 seconds, read-only)
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;install&lt;/span&gt; &lt;span class="nt"&gt;-g&lt;/span&gt; @keynv/cli
keynv doctor
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;code&gt;doctor&lt;/code&gt; is scan-only — it writes nothing, makes no network calls, and&lt;br&gt;
match previews are capped at 3 characters so raw values never appear in&lt;br&gt;
the output. I'd genuinely love to know what number you get.&lt;/p&gt;

&lt;h2&gt;
  
  
  The honest part
&lt;/h2&gt;

&lt;p&gt;The scrubbing half has a &lt;strong&gt;race window&lt;/strong&gt;: between the moment a secret hits&lt;br&gt;
the disk and the moment the watcher rewrites it, it exists in plaintext.&lt;br&gt;
I'm not going to pretend that's airtight — it's documented in the threat&lt;br&gt;
model. That's exactly why the alias half is the &lt;em&gt;primary&lt;/em&gt; defense (the&lt;br&gt;
value never reaches the surface at all) and scrubbing is the backstop.&lt;/p&gt;

&lt;p&gt;keynv is also &lt;strong&gt;explicitly not&lt;/strong&gt; a Vault/Doppler replacement, a &lt;code&gt;.env&lt;/code&gt;&lt;br&gt;
replacement, or a secrets manager. It plugs in next to whatever you&lt;br&gt;
already use. Storage is solved; runtime text-surface protection is the gap.&lt;/p&gt;

&lt;p&gt;It's MIT licensed, fully local (nothing leaves your machine), and&lt;br&gt;
self-hostable.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Repo: &lt;a href="https://github.com/keynv-labs/keynv" rel="noopener noreferrer"&gt;https://github.com/keynv-labs/keynv&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you run &lt;code&gt;keynv doctor&lt;/code&gt;, drop your number in the comments — I'm curious&lt;br&gt;
how universal this is. And if you see a hole in the threat model, I want&lt;br&gt;
to hear it.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>showdev</category>
      <category>opensource</category>
      <category>security</category>
    </item>
    <item>
      <title>Discover Web Tools: A Handy Toolbox for Developers</title>
      <dc:creator>Furkan Beydemir</dc:creator>
      <pubDate>Mon, 06 Jan 2025 12:30:34 +0000</pubDate>
      <link>https://dev.to/beydemirfurkan/discover-web-tools-a-handy-toolbox-for-developers-4afh</link>
      <guid>https://dev.to/beydemirfurkan/discover-web-tools-a-handy-toolbox-for-developers-4afh</guid>
      <description>&lt;p&gt;Hello Dev.to community!&lt;/p&gt;

&lt;p&gt;Today, I want to share a project that I recently launched. As developers, we often need small but handy tools for tasks like coding, analysis, or testing in our daily work. This inspired me to create my own web platform: Discover Web Tools.&lt;/p&gt;

&lt;p&gt;So, what is &lt;strong&gt;Discover Web Tools&lt;/strong&gt;? It’s a platform designed to provide a variety of useful tools, especially for developers and digital professionals. The goal is to make your workflow a bit easier, save you time, and handle some tedious tasks with just a click.&lt;/p&gt;

&lt;p&gt;Currently, the platform offers a wide range of tools. Here are some links to a few of them:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.discoverwebtools.com/tools/meta-tags-generator" rel="noopener noreferrer"&gt;Meta Tags Generator&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.discoverwebtools.com/tools/robot-txt-generator" rel="noopener noreferrer"&gt;Robots.txt Generator&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.discoverwebtools.com/tools/markdown-viewer" rel="noopener noreferrer"&gt;Markdown Viewer&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.discoverwebtools.com/tools/css-shadow-generator" rel="noopener noreferrer"&gt;CSS Shadow Generator&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.discoverwebtools.com/tools/css-layout-generator" rel="noopener noreferrer"&gt;CSS Layout Generator&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.discoverwebtools.com/tools/email-validation" rel="noopener noreferrer"&gt;Email Validation Tool&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is just the beginning! Many more useful tools are already available on the site, and I’m constantly working on adding new ones. My aim is to offer more tools that can simplify your work and support your development process.&lt;/p&gt;

&lt;p&gt;Of course, your feedback is incredibly valuable to me! What tools do you think are missing? If you have any ideas for a useful tool that you would use in your daily life, feel free to share it with me, and I’d be happy to develop and add it to the platform.&lt;/p&gt;

&lt;p&gt;I invite everyone to visit the project and try out the tools!&lt;/p&gt;

&lt;p&gt;Thanks in advance, and I’m looking forward to hearing your comments. Together, we can make it even better!&lt;/p&gt;

&lt;p&gt;Best regards&lt;/p&gt;

</description>
    </item>
  </channel>
</rss>
