She Shared Her Screen… and Her AWS Secret (Yes, she's a FANG)
RazcoDev

Publish Date: May 17

Yesterday, on a Zoom meeting, I watched a senior engineer from a company you'd definitely recognize (FANG) accidentally leak her AWS credentials while sharing her screen.

No one on the call said anything.

She needed help with debugging a tiny bug.
The screen flicked over to her browser, specifically the AWS console, and right there, in plain text, was a long, juicy AWS secret (❗️).
The kind of secret you hope never leaves your local machine. It lasted maybe 3 seconds, but the meeting was recorded.

We’ve normalized Zoom/Google/whatever meetings and screen sharing, but we haven’t adapted our tools — or habits — to protect sensitive data in real time.

This Happens Way More Than We Think

As developers, we move fast. Our tools are always open:

  • Dashboards full of internal data
  • .env files
  • Devtools showing API responses
  • PII all over our browser
  • Debug consoles

Secrets don’t live in just your code — they’re in your browser, your extensions, your tabs, your terminal. When you screen share, you're not just sharing your work — you're potentially leaking everything under the hood.

The Cost of a 3-Second Mistake

Screens are recorded. Calls are uploaded. Interns and clients and strangers see your screen.

That one token? Maybe it had admin permissions. Maybe it let someone spin up $50k in EC2s. Maybe it wasn’t rotated fast enough.

I’ve seen this happen multiple times in the last year. I’ve also… done it myself.

So I Built a Fix

(Entropy Demo screenshot)

This problem kept nagging at me, so I built something to solve it.

It’s called Entropy — a Chrome extension that detects and redacts secrets and PII in real time, right inside your browser.

  • ✅ Detects API keys, AWS secrets, emails, tokens, etc.
  • ✅ Redacts data before it shows up on screen
  • ✅ Customizable rules
  • ✅ Fast, private, local
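
To make the detect-and-redact idea concrete, here is an added sketch of rule-based masking for text before it is displayed. It is not Entropy's code: the rule names, the `redactSecrets` function and the entropy threshold are assumptions, and the sample input is constructed from AWS's documented example credentials.

```javascript
// Added example, not Entropy's code. Rule names and thresholds are assumptions.
// Shannon entropy in bits per character: random keys score high, words score low.
function shannonEntropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Each rule: a name, a global regex, and an optional extra check on the match.
const DEFAULT_RULES = [
  // AWS access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
  { name: "aws-access-key-id", pattern: /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g },
  // AWS secret access keys: exactly 40 base64-style characters. The entropy
  // check (assumed threshold) filters out long paths and repeated filler text.
  {
    name: "aws-secret-access-key",
    pattern: /(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])/g,
    confirm: (m) => shannonEntropy(m) >= 4.0,
  },
  { name: "email", pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
];

// Returns the masked text plus the names of the rules that fired, in order.
function redactSecrets(text, rules = DEFAULT_RULES) {
  const hits = [];
  let out = text;
  for (const rule of rules) {
    out = out.replace(rule.pattern, (m) => {
      if (rule.confirm && !rule.confirm(m)) return m; // candidate rejected
      hits.push(rule.name);
      return `[REDACTED:${rule.name}]`;
    });
  }
  return { text: out, hits };
}

// Constructed sample: AWS documentation example keys plus a low-entropy decoy.
const sample =
  "aws_access_key_id=AKIAIOSFODNN7EXAMPLE\n" +
  "aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n" +
  "owner: dev@example.com path: " + "a".repeat(40);
console.log(redactSecrets(sample).text);
```

The decoy run of 40 identical characters matches the secret-key pattern but fails the entropy check, so it is left alone; custom rules are passed as the second argument.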

Whether you're on a sales call, a Twitch stream, or a demo for your CTO — you shouldn't have to worry about what's lurking in your devtools.

Let's Fix This for Everyone

If you’ve ever leaked a secret — or almost did — you’re not alone.

I’d love to hear your stories, feedback, or ideas.

Would this be useful in your team?

Try Entropy and let me know what you think.

Entropysec.io
