Screenshots leak more than you think

You take a screenshot of a bug to paste into a GitHub issue. The terminal in the corner has your AWS access key in the command history. Your browser tabs show client names. The dock reveals every app you have installed. That screenshot is now in a public repo, indexed by search engines, and the API key is already being scraped by bots.

This is not a hypothetical. Leaked credentials in screenshots are a real attack vector. Security researchers regularly find API keys, database connection strings, internal URLs, and session tokens in screenshots posted to GitHub issues, Stack Overflow, Slack channels, and social media. The screenshot looked harmless — but it contained everything an attacker needed.

Whether you're sharing with your team, filing a bug report, or pasting into an AI coding assistant, you need a fast way to redact sensitive information before the screenshot leaves your machine. Here are the methods that work on Mac, ranked from built-in to purpose-built.

Method 1: Capture only what you need

The simplest way to hide sensitive information is to not capture it in the first place. Use Cmd+Shift+4 to select only the region that matters. If you need to show a specific error message, there's no reason to capture the entire screen — just drag a tight selection around the relevant area.

This seems obvious, but full-screen captures (Cmd+Shift+3) are a habit. And full-screen captures include everything: notification banners with message previews, menu bar items that reveal your VPN and cloud services, browser tabs with internal tool names, and dock icons that map your entire toolchain. A selection capture avoids all of this.

When this works: The sensitive information is spatially separated from the content you need to capture. You can draw a box that includes only the relevant area.

When this doesn't work: The sensitive data is mixed in with the content you need to show — an API key in a config file, a password field next to the error, personal data in a database query result.

Method 2: Crop after capture in Preview

If you already took the screenshot, you can crop it in Preview before sharing. Open the file in Preview, use the selection tool to draw a rectangle around the safe area, then go to Tools > Crop (or press Cmd+K). Save, and the cropped image replaces the original.

Preview also has a basic redaction capability under Tools > Annotate > Rectangle. You can draw a filled black rectangle over sensitive areas. Set the fill color to black and the border to none, then drag it over the text you want to hide. This is technically an annotation layer, not a destructive edit — so you need to export as a new file (File > Export) rather than just saving, to make sure the redaction is permanently burned into the image.

Critical warning: If you just save the file with the rectangle annotation rather than exporting to a flat image, the underlying text is still there. Someone can open the PDF or image in an editor and remove the annotation layer. Always export to PNG or JPEG to flatten the redaction permanently.

Method 3: Markup in the screenshot thumbnail

After taking any screenshot on macOS, a thumbnail appears in the bottom-right corner for a few seconds. Click it to open the Markup editor. This gives you pen, shapes, and text tools. You can draw a filled rectangle over sensitive areas, just like in Preview.

The advantage of Markup is speed — you don't need to find the file and open it separately. Capture, click the thumbnail, draw over the sensitive parts, click Done. The file saves with the annotations baked in, so there's no risk of someone removing them later.

Limitations: The Markup window is small. If you're redacting multiple areas across a large screenshot, the tools feel cramped. There's no blur tool — only solid shapes. And if you dismiss the thumbnail (or it times out), you have to open the file manually anyway.

Method 4: Blur with a dedicated screenshot tool

Purpose-built screenshot apps offer blur and pixelation tools that are faster and more professional-looking than dragging black rectangles. With a blur tool, you select the sensitive area and the content becomes unreadable but the surrounding context is preserved. The viewer can see that something was redacted without it looking like a censorship bar from a police report.

Blur is better than solid-fill redaction in most cases because it preserves the visual layout of the content. The reader can still gauge how long the redacted string was, whether it was a URL or a token, and where it appeared relative to other elements — without being able to read the actual value.

When to use blur vs. solid fill: Use blur for data where the shape and position provide useful context (an API key in a config file, a name in a user list). Use solid fill for data where even the shape is sensitive (a full credit card number, a social security number).

What to check before sharing any screenshot

Before you paste, send, or upload a screenshot, scan it for these common leaks:

Browser tabs and address bar. Tab titles reveal what you're working on. The address bar shows internal URLs, staging environments, and admin panels. Even the favicon can identify an internal tool.

Terminal and command history. If a terminal is visible, it may show environment variables, connection strings, recent commands with credentials, or file paths that reveal your project structure. Commands like export API_KEY=... or curl -H "Authorization: Bearer ..." are especially dangerous.

Notification banners. macOS shows notification previews over all applications. A Slack message, email subject, or calendar event could appear on top of your screenshot. These can contain names, meeting details, or sensitive discussions.

Menu bar and dock. The menu bar shows connected VPNs, cloud service icons, and active applications. The dock reveals your installed apps. Together, they give a detailed picture of your toolchain and infrastructure.

Database results and logs. If you're screenshotting a query result or log output, scan for PII (names, emails, phone numbers), tokens, internal IDs, and connection details. Developers often screenshot logs while debugging and forget that production data is in the output.

File paths and project names. A file path like /Users/jane/clientname/secret-project/ reveals your name, your client, and your project. Window titles in code editors show the full file path.
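
The checklist above can be partly automated once the visible text has been read off the image. The following is an added example, not part of the original article or of any tool it mentions: a small scanner that flags the leak types listed above in text taken from a screenshot. It assumes the text was already extracted (by OCR or by copying the terminal contents); the pattern set, function names, and sample lines are constructed for illustration.

```python
import re

# Patterns for the leak types named in the checklist above. The AWS access
# key ID shape (AKIA/ASIA + 16 characters) is public; the rest are heuristics.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("bearer_token", re.compile(r"(?i)\bAuthorization:\s*Bearer\s+([^\s\"']+)")),
    ("exported_secret", re.compile(
        r"\bexport\s+\w*(?:KEY|TOKEN|SECRET|PASSWORD)\w*=(\S+)")),
    ("connection_string", re.compile(r"\b\w+://[^\s:/@]+:([^\s@]+)@\S+")),
    ("home_path", re.compile(r"/Users/([^/\s]+)/\S*")),
    # The lookbehind skips user:pass@host, already reported as a connection string.
    ("email", re.compile(r"(?<![\w:/.+-])[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]

def mask(value):
    """Keep two characters so the report itself is safe to share."""
    return value[:2] + "*" * max(len(value) - 2, 0)

def scan_text(text):
    """Return (line_no, kind, masked_value) for each suspected leak."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for m in pattern.finditer(line):
                secret = m.group(m.lastindex or 0)
                findings.append((line_no, kind, mask(secret)))
    return findings

# Constructed sample: text as it might be read off a screenshot showing a
# terminal and an editor title bar. The AWS key is AWS's documentation example.
SAMPLE = """\
$ export API_KEY=sk_test_constructed_0001
$ curl -H "Authorization: Bearer tok_constructed_abc123" https://staging.example.internal/health
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
main.py - /Users/jane/clientname/secret-project/main.py
ERROR db: could not connect to postgres://app:hunter2@db.example.internal:5432/prod
TypeError: 'NoneType' object is not subscriptable
42 | Jane Doe | jane.doe@example.com
"""

if __name__ == "__main__":
    for line_no, kind, masked in scan_text(SAMPLE):
        print(f"line {line_no}: {kind}: {masked}")
```

A clean result only means none of these patterns matched; notification banners, tab titles, and client names still need a visual check.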

Special considerations for AI assistants

If you're pasting screenshots into Claude, Cursor, ChatGPT, or another AI coding assistant, there are additional reasons to redact carefully. The AI model reads every pixel of your screenshot. It can extract text, recognize patterns, and recall details from the image. If you paste a screenshot with an API key visible in the background, the model sees it.

This doesn't mean the AI will misuse your credentials — but it means the data has been transmitted to a third-party service. Depending on your organization's security policy and the AI provider's data retention practices, this may violate compliance requirements.

Best practice for AI workflows: Redact before pasting, not after. Once the screenshot is in the chat, it's been sent. Use a selection capture to grab only the relevant code or error, and blur anything sensitive that falls within the selection. A tight, clean screenshot also gives the AI better context — less noise means more accurate analysis.

Comparison of redaction methods

| Method | Speed | Blur support | Permanent | Works inline |
| --- | --- | --- | --- | --- |
| Selection capture (Cmd+Shift+4) | Fastest | N/A (avoids capture) | Yes | Yes |
| Preview crop/rectangle | Slow | No | Only if exported | No |
| Markup thumbnail | Medium | No | Yes | Partially |
| Dedicated screenshot app | Fast | Yes | Yes | Yes |

Build the habit, not just the tool

The best screenshot redaction workflow is the one you actually use every time. If your process requires opening a separate app, finding the file, editing, exporting, and then pasting — you'll skip it when you're in a hurry. And the one time you skip it is the time the API key gets leaked.

LazyScreenshots puts annotation and redaction in the capture flow itself. Capture a screenshot, and the annotation overlay appears immediately — before the image goes anywhere. Blur a region, draw a box, crop to the relevant area, then auto-paste directly into your AI assistant or Slack. The entire flow takes 3–5 seconds, so there's no reason to skip it.

When redaction is built into the capture step rather than added as an afterthought, it stops being a chore and becomes automatic. That's the difference between good intentions and actual security.

LazyScreenshots captures, annotates, and auto-pastes screenshots into Claude, Cursor, and ChatGPT. Built-in annotation with blur and redaction tools. $29 one-time.
