How to Blur the Supabase Dashboard During Screen Sharing (Hide API Keys & User Data)
Demoing your Supabase backend on a call? Here's how to hide the project URL and reference, the anon and service_role keys, the database connection string and password, Table Editor rows and the Auth users list before you share your screen.
To hide API keys and data in the Supabase dashboard during a screen share, blur the sensitive items in the page before you present — the project URL and reference on the API settings page, the anon and service_role keys, the database connection string and password, and the rows of user PII in the Table Editor. BlurFirst paints each blur into the page as real pixels, so it survives Zoom, Google Meet, Microsoft Teams, Loom, OBS and even a screenshot of the shared feed.
Supabase is a browser-based dashboard that re-renders as you move between the Table Editor, SQL editor and settings, so lean on anchored region blurs for the fixed chrome — the project name in the top-left and the project switcher — and use element blur or Scan for individual values like the service_role key. Start blurring with Ctrl/⌘ ⇧ Y and keep the panic hotkey Ctrl/⌘ ⇧ H ready for a query result full of emails.
What the Supabase dashboard exposes
- Project URL and reference — the project name and its reference in
https://abcdefgh.supabase.co, shown in the top-left and on the API page; it identifies your backend and is baked into every request. - anon and service_role keys — under Settings > API, the anon public key and especially the service_role key, which bypasses Row Level Security and grants full read/write to your database.
- Connection string and password — under Settings > Database, the Postgres connection string with host, port, user and the database password.
- Table Editor rows — real user data: names, emails, phone numbers, addresses, Stripe customer IDs and anything else in your
users,profilesororderstables. - Auth users list — under Authentication > Users, the full list of registered users with their email addresses, providers, and user UUIDs.
- SQL editor — queries and their results that print PII to the screen, plus saved snippets that embed table and column names.
- Project name — chosen by you, it often names the client or product and appears across the sidebar and project switcher.
Blur the Supabase dashboard step by step
- 1
Open the page you'll present
Navigate to the Table Editor, SQL editor or the exact settings page before the call, so you never open Settings > API live with the service_role key on screen.
- 2
Box-blur the project name and switcher
Drag a box over the top-left project name and the project switcher so the name and reference stay hidden. The anchored region blur keeps covering that chrome as the dashboard re-renders.
- 3
Element-blur keys and the connection string
On Settings > API, click the anon and service_role key values to frost them; do the same for the connection string and password on Settings > Database. Don't click the copy/reveal control on the call.
- 4
Run Scan across data and queries
One click runs Scan (Pro), which detects email, phone, credit-card and API-key patterns locally and blurs them — ideal for a Table Editor grid or a SQL result full of user emails. It won't treat a UUID, a table name or the project reference as a pattern, so blur those yourself.
- 5
Keep panic ready for query results
If you run a query and it returns a screenful of PII, press Ctrl/⌘ ⇧ H to blur the whole page instantly, then reveal only the columns that are safe to show.
| Sensitive item | Where it appears | Best gesture |
|---|---|---|
| Project URL + reference | Top-left, Settings > API | Box-blur the project chrome |
| anon + service_role keys | Settings > API | Element blur; don't reveal live |
| Connection string + password | Settings > Database | Element blur |
| User rows (PII) | Table Editor | Scan, or box-blur the grid |
| Auth users + emails | Authentication > Users | Scan, or element blur per row |
Why RLS and a private project don't cover a screen share
Row Level Security and a project only your team can log into control who can query the data and with which key. On a screen share the signed-in user is *you*, in the dashboard, where the service_role key is printed in full on the settings page and RLS is not what stands between the audience and your data. Those controls gate database access; they say nothing about what a person watching your screen reads. In-page blurring works at the presentation layer instead — it controls what the viewer sees, regardless of your keys or policies. And if the service_role key was ever shown on a recording, rotate it.
Save your Supabase blurs for next time
If you demo or debug from the dashboard regularly, set the structural blurs once and let BlurFirst Pro's per-site auto-apply re-apply them whenever you open supabase.com. Your box over the project name comes back automatically and survives the dashboard's re-rendering as you move between the Table Editor, SQL editor and settings. The profile stores only a CSS selector for each region, never the keys, connection string or user data inside it.