PixelHush
Hide secrets in config files. Auto-detect screen recording with the PixelHush macOS app.
Recording a tutorial? Streaming on Twitch? Sharing your screen on Zoom? PixelHush can auto-detect recording through the macOS app and mask secrets before a single frame is captured. If you do not use the app, manual hide / reveal still works through shortcuts, the status bar, and the context menu.
Features
- Auto-detect screen recording (Pro) — secrets hide the instant OBS, Loom, Zoom, or any of 50+ apps start capturing (requires the PixelHush macOS app)
- Manual hide/reveal on any platform — works in VS Code, Cursor, Windsurf, and other VS Code forks even without the macOS app
- 48 built-in secret patterns —
*API_KEY*, *SECRET*, *PASSWORD*, *TOKEN*, *DATABASE_URL*, *SSH_KEY*, *CERTIFICATE*, and 41 more out of the box
- Stable support for config formats —
.env, .env.*, *.env, .envrc, .json, .yaml, .yml, .toml, .properties, .ini, .conf, .sh, .bash
- Structure-aware parsing — JSON/YAML nested paths, TOML sections, and INI section-prefixed keys
- Click-to-copy — clicking a hidden value copies it to clipboard without ever revealing it on screen
- Double-click to edit — double-click any key name (including nested keys like
database.password) to update its value via a masked input box (value stays hidden on screen)
- Edit via keyboard —
Cmd+Shift+E opens an input box to modify a hidden value
- Per-file exclusion — exclude non-sensitive config files with one right-click
- Selective hiding — hide only keys that match your patterns
- Status bar control — see current state at a glance, toggle with one click
How It Works
1. PixelHush macOS Agent 2. Signal via flag file 3. VS Code extension
detects screen recording ──> ~/.pixelhush/recording ──> masks all secrets
(ScreenCaptureKit) (HMAC-signed) (Decorator API)
Step 1: The lightweight macOS menu bar agent monitors for recording/sharing apps using Apple's ScreenCaptureKit and window inspection APIs.
Step 2: When recording is detected, the agent writes a cryptographically signed flag file to ~/.pixelhush/recording. When recording stops, the file is removed.
Step 3: The VS Code extension watches for that flag file. Secrets are masked instantly using CSS text-security — your actual files are never modified.
The extension also works standalone without the macOS agent. Use keyboard shortcuts or the status bar to toggle hiding manually.
Supported Recording & Sharing Apps
The macOS agent detects 50+ apps across four categories:
| Category |
Apps |
| Screen recorders |
OBS Studio, QuickTime Player, Loom, Screen Studio, ScreenFlow, Camtasia, Snagit, Kap, Cap, Monosnap, ScreenPal, Zight, Movavi, Capto, DemoCreator, Gifox, LICEcap, GIPHY Capture, Ecamm Live, Wirecast, mimoLive, Streamlabs, Screen Sage, Screen Sage Pro |
| Video calls |
Zoom, Slack, Microsoft Teams, Webex, GoTo Meeting, Discord, Gather.town, VK Teams, CoScreen, Яндекс Телемост |
| Remote access |
Screen Sharing, TeamViewer, AnyDesk, Tuple, Pop, TeleBoss |
| Browsers (screen share) |
Google Chrome |
Dedicated recording apps (OBS, Loom, QuickTime, etc.) are detected instantly on launch. Video calls and browser-based sharing are detected via window inspection polling.
Supported File Types
| Format |
Extensions |
Parsing |
Tier |
| Environment |
.env, .env.*, *.env, .envrc |
Flat KEY=value pairs |
Free |
| JSON |
.json |
Nested object paths, configurable depth |
Free |
| YAML |
.yaml, .yml |
Nested keys by indentation, configurable depth |
Free |
| TOML |
.toml |
Sections and dotted keys |
Free |
| Properties / INI |
.properties, .ini, .conf |
Flat keys; INI sections become section.key |
Free |
| Shell Scripts |
.sh, .bash |
Variable assignments |
Free |
Python and JavaScript / TypeScript are intentionally omitted from the public support matrix until the zero-flash protected flow is production-ready for those formats.
Free vs Pro
| Feature |
Free |
Pro |
| Manual hide/reveal |
Yes |
Yes |
Stable config formats (env, json, yaml, toml, properties, sh) |
Yes |
Yes |
| 48 built-in secret patterns |
Yes |
Yes |
| Selective mode |
Yes |
Yes |
| Status bar controls |
Yes |
Yes |
| Context menu |
Yes |
Yes |
| Keyboard shortcuts |
Yes |
Yes |
| Click-to-copy hidden values |
Yes |
Yes |
| Double-click to edit (masked input) |
Yes |
Yes |
| Auto-detect screen recording |
-- |
Yes |
| Add / remove key patterns from the UI |
-- |
Yes |
| Video call / browser share detection |
-- |
Yes |
| 7-day Pro trial |
Available |
Included |
See Pricing / Get PixelHush Pro
Keyboard Shortcuts
| Action |
macOS |
Windows/Linux |
| Toggle hide/reveal |
Cmd+Shift+H |
Ctrl+Shift+H |
| Toggle value under cursor |
Cmd+Shift+T |
Ctrl+Shift+T |
| Toggle selective mode |
Cmd+Shift+S |
Ctrl+Shift+S |
| Edit hidden value |
Cmd+Shift+E |
Ctrl+Shift+E |
| Copy hidden value |
Cmd+Shift+C |
Ctrl+Shift+C |
All shortcuts are active only in supported file types.
Configuration
Open Settings (Cmd+,) and search for PixelHush, or add to settings.json:
General
{
"pixelhush.enabled": true,
"pixelhush.autoHide": true
}
Appearance
{
"pixelhush.appearance.textColor": "#D19B66",
"pixelhush.appearance.backgroundColor": "transparent"
}
File Patterns
{
"pixelhush.files.patterns": [
".env*",
"*.env",
"*.json",
"*.yaml",
"*.yml",
"*.toml",
"*.properties",
"*.ini",
"*.conf",
"*.sh",
"*.bash"
],
"pixelhush.files.excludedFiles": ["/path/to/public-config.json"]
}
Selective Hiding
When enabled, only keys matching your patterns are hidden (instead of all values):
{
"pixelhush.selective.enabled": true,
"pixelhush.selective.keyPatterns": [
"*API_KEY*", "*SECRET*", "*PASSWORD*", "*TOKEN*",
"*DATABASE_URL*", "*SSH_KEY*", "*PRIVATE_KEY*"
],
"pixelhush.selective.excludeKeys": ["PUBLIC_URL", "NODE_ENV", "DEBUG"]
}
Pattern syntax:
*KEY* -- contains "KEY" anywhereKEY* -- starts with "KEY"*KEY -- ends with "KEY"KEY -- exact match only
All patterns are case-insensitive. For structured formats, the full key path is matched (for example database.password or production.redis.password).
Parsers
{
"pixelhush.parsers.enabled": ["env", "json", "yaml", "properties", "toml"],
"pixelhush.parsers.json.nestedDepth": 10,
"pixelhush.parsers.yaml.nestedDepth": 10
}
Hover
{
"pixelhush.hover.showPreview": false,
"pixelhush.hover.message": "Environment value hidden by PixelHush extension"
}
Right-click in any supported file to access the PixelHush submenu:
PixelHush
├── Hide / Reveal Values
├── Toggle This Value
├── Exclude This Key
├── Edit Value
├── Copy Hidden Value
├── Add Key Pattern (Pro)
├── Toggle Selective Mode
└── Exclude / Include File
FAQ
Does PixelHush modify my files?
No. Masking is purely visual using VS Code's Decorator API. Your files remain untouched on disk.
Does it work without the macOS agent?
Yes. You can hide/reveal secrets manually with keyboard shortcuts or the status bar toggle. The macOS agent adds automatic detection of screen recording and sharing.
Does it work in Cursor?
Yes. The extension is fully compatible with Cursor (and any VS Code fork).
What about Windows and Linux?
The VS Code extension works on all platforms for manual hiding. Auto-detection of screen recording currently requires the macOS agent (Windows/Linux agents are planned).
Is my license key safe?
License verification happens locally between the macOS agent and the extension via HMAC-signed files in ~/.pixelhush/. No data is sent to external servers during normal operation.
Can I use it during live streaming?
Absolutely. That's the primary use case. Secrets are hidden before any frame is captured.
What if I need to edit a hidden value?
Two ways: double-click the key name (e.g. API_KEY or nested database.password) — a masked input box opens, value stays hidden while you type. Or use Cmd+Shift+E / right-click > Edit Value — an input box opens with the current value pre-filled.
What if I need to copy a hidden value?
Click on it (it copies to clipboard automatically) or use Cmd+Shift+C.
Requirements
- VS Code 1.96.0+ (or Cursor / any VS Code fork)
- For auto-detection: PixelHush macOS app (macOS 14+)
Links
License
MIT
