VSCodeTips

VSCodeTips is a community of amazing vscoders

We're a community that shares tips & tricks on how to best leverage VS Code

Create new account Log in
loading...
Cover image for How to Hide Your .env While You're Livestreaming

How to Hide Your .env While You're Livestreaming

Lucia Cerchie
Originally published at dev.to ・1 min read

Note: This article assumes basic knowledge of VSCode. This article was originally posted in the DEV general community.

Here's how to start using John Papa's VSCode extension Cloak to hide .env secrets, especially helpful when you're livestreaming!

  • Search 'Cloak' in VSCode extensions and install it.

Screen Shot 2021-08-02 at 2.27.54 PM

  • Open up a .env file with your secrets in it. It should look something like this:

Screen Shot 2021-08-02 at 2.25.47 PM

  • Open up your Command Palette and hit 'Cloak: Hide Secrets'

Screen Shot 2021-08-02 at 2.28.52 PM

And there you have it! Your secrets are hidden! You can un-hide them by running the 'Cloak: Show Secrets' command. Screen Shot 2021-08-02 at 2.29.53 PM

Note: If you copy/paste, your secret will be visible in the file you pasted it in.

PS- many thanks to @nickytonline who pointed out the usefulness of this extension!

Discussion (10)

Collapse
nektro profile image
Meghan

Nice find! I'm weary of an extension like this due to I'm not sure how VScode deals with updating extensions. This seems like a very big attack vector for sniffing secrets out of users' environments. But then again I suppose that's the case for all extensions..

Collapse
cerchie profile image
Lucia Cerchie Author

You're right! A good question for VSCode?

Collapse
nickytonline profile image
Nick Taylor

Thanks for the shoutout Lucia! Love this extension!

Multiple TV and movie characters giving a thumbs up

Collapse
darylstark profile image
Daryl Stark

Good tip! Does this also work to hide variables during debug?

Collapse
cerchie profile image
Lucia Cerchie Author

What debugging UIs are you thinking of? I think keys would still show up on console.log, for example.

Collapse
darylstark profile image
Daryl Stark

I like to create a variable that contains the username and password for specific taka, but when the debugger stops at a breakpoint, that variable is visible at the left hand side in the Variable View.

Thread Thread
cerchie profile image
Lucia Cerchie Author

So I don't think it would hide the variables in that case-- the extension only hides items in the .env file johnpapa.net/hide-your-secrets-in-...

Collapse
aniebietinyangntui profile image
Aniebiet Inyang Ntui

Great Extension 👌

Collapse
thomasbnt profile image
Thomas Bnt

Oooh nice! I thinking this extension for my last stream.

I was in "I hope I'm not showing any tokens" mode 😆😆😆

Collapse
nektro profile image
Meghan