A few weeks ago, I was helping a teammate debug something.
I shared my screen, opened VSCode, and without realizing —
my .env file was visible.
Right there, for 20+ seconds:
API_SECRET=sk_live_7b3c...
It wasn’t recorded, luckily. But it could’ve been.
And if it was a live demo, stream, or recorded tutorial…
💀 I’d be regenerating keys and praying no one used them.
🖥️ The Real Threat: Your Screen
We all know not to push secrets to Git.
But what about when you're:
- Live coding
- Sharing your browser
- Recording a bug demo
- Pair programming
Your screen becomes an attack surface — and you usually don’t realize it until after the fact.
🛡️ The Fix: Entropy Extension
After that moment, I found Entropy — a dev-focused Chrome extension that:
- Detects secrets and tokens on your screen
- Blurs them automatically
- Even turns itself on when you're in a meeting
It’s like a DLP for your browser, made for developers.
✅ TL;DR
If you ever screen share as a dev — even once — get Entropy.
It catches what your eyes miss.
Ever leaked a secret on screen? Drop your horror story below 👇
Top comments (5)
I need to try this asap. Awesome
I've been there too - accidentally flashed a token during a demo and only realized after. Entropy sounds like something I should've had ages ago! Anyone get burned worse than that?
Feedback is more than welcomed, thanks!
Don't use third party extensions ever.
Why?