Skip to content
BlurFirst

How to Blur the Google Cloud Console During Screen Sharing (Hide Project, Billing & Keys)

7 min read

Presenting from GCP on a call? Here's how to hide the project ID and number, billing and cost reports, service account emails, API keys, external IPs and bucket names in the Google Cloud console before you share your screen.

To hide project and billing data in the Google Cloud console (GCP) on a screen share, blur the items in the page before you present — the project ID and number in the top picker, cost reports, service account emails, and the keys on your Credentials page. BlurFirst paints each blur into the page as real pixels, so it survives Zoom, Google Meet, Microsoft Teams, Loom, OBS and any recorder, and nothing you blur ever leaves the browser.

The top blue bar carries the most identifying thing in the console — the project picker, which shows the current project ID and number and, when you open it, a list of every other project you can reach. Blur that first. Start blurring with Ctrl/⌘ ⇧ Y and keep the panic hotkey Ctrl/⌘ ⇧ H ready.

The project and billing data GCP puts one click away

  • Project ID and number — shown in the project picker at the top; opening it reveals a recent-projects list that can name other clients and environments.
  • Billing account and cost reports — dollar figures, cost-by-service breakdowns and forecasts under Billing → Reports that disclose your spend and scale.
  • Service account emails and keys — identities like svc-deploy@my-project.iam.gserviceaccount.com and the JSON keys you create or download under IAM & Admin → Service Accounts.
  • API keys — the key strings (AIzaSy…) listed under APIs & Services → Credentials, often visible in full.
  • Compute Engine external IPs — the public IP addresses on the VM instances list.
  • Cloud Storage bucket namesgs:// bucket names that encode client or project names.
  • IAM member emails — the full list of principals under IAM & Admin → IAM, exposing who is on the project.

Blur the Google Cloud console before you present

  1. 1

    Pick the project and open the page you'll show

    Select the right project and navigate to the exact page — Compute, Storage, Credentials — before the call, so you're not opening the project picker live.

  2. 2

    Box-blur the project picker

    Drag a box over the project picker in the top bar so the project ID and number stay hidden, and don't open the recent-projects dropdown on the call. The anchored box keeps covering the bar as the console re-renders.

  3. 3

    Element-blur credentials and identities

    On APIs & Services → Credentials, click an API key string to frost it; do the same for service account emails and any key IDs. The rest of the table stays readable.

  4. 4

    Run Scan for keys and emails

    Scan (Pro) detects API-key patterns and email addresses locally in one click and blurs them — handy for the Credentials and IAM lists. It won't treat the project ID/number or bucket names as patterns, so box- or element-blur those yourself.

  5. 5

    Box-blur billing figures, keep panic ready

    On Billing → Reports, box-blur the totals and charts. If a cost report or another project flashes up, press Ctrl/⌘ ⇧ H to blur the whole page instantly.

Sensitive itemWhere it appearsBest gesture
Project ID + numberTop project pickerBox-blur the picker; don't open it live
API keysAPIs & Services → CredentialsElement blur, or Scan
Service account + IAM emailsService Accounts, IAMElement blur, or Scan
External IPs + bucket namesVM instances, Cloud StorageElement blur per row
Billing / cost figuresBilling → ReportsBox-blur charts and totals
What to hide in the Google Cloud console, and how.

Why project IAM roles don't help on a live share

Cloud IAM roles and org policies control what the signed-in member can access. During a screen share that member is *you*, so the audience sees whatever your account can — the project ID, the billing page, every service account. IAM was designed to gate access, not to decide what a person watching your screen can read. Blurring works at the presentation layer, controlling what the viewer sees regardless of your permissions.

Auto-apply your GCP blurs each session

If you present from the console often, set the structural blurs once and let BlurFirst Pro's per-site auto-apply re-apply them whenever you open console.cloud.google.com. Your box over the project picker comes back automatically and survives the console's dynamic re-rendering as you move between services. The profile stores a CSS selector for each region, never the project ID or the keys inside it.

Frequently asked questions

Can I hide the project ID without hiding the whole toolbar?

Yes. Box-blur just the project picker area, or element-blur the project ID and number where they appear. The rest of the top bar and the page stay visible for your demo.

Does Scan find GCP API keys and service account emails?

Scan detects API-key patterns and email addresses locally and blurs them in one click, which covers most keys on the Credentials page and emails in IAM. The project ID, number and bucket names aren't recognised patterns, so blur those manually.

Will the blurs stay put as the console re-renders?

Yes. Region blurs are anchored to a screen area and re-apply as the single-page console redraws. Per-site auto-apply (Pro) restores your structural blurs automatically each visit.

Can BlurFirst hide a downloaded service account key?

It can blur the key shown in the page, but the console offers keys as file downloads too. Treat a key that was ever downloaded or exposed as sensitive and rotate it — blurring only protects what's on the call.

Does anything I blur leave my machine?

No. BlurFirst runs entirely in the browser and only makes a license-check request. Scan runs locally, so project and billing data never leave your browser.

Blur it before you share it.

Hide any field, region or message on a page before your next call. Nothing you blur leaves your browser.

Add to Chrome