Is it safe to store a secretKey in a React JavaScript file?


#1

We have a plan to develop a desktop application to read data from our official website.

I am trying to use Electron and React to build an application that connects to the server via OAuth 2.0, but I’m not confident about storing the secret key in a JavaScript file as a Redux action (because it can be viewed in the bundle.js file from index.html).

I’m not sure whether this choice will be safe.

Is there a better choice, such as storing the secretKey in Node.js, connecting to our server via OAuth 2.0 from Node.js, and then sending the result data from our website’s APIs to React to render the pages?

Please help me clarify this, and sorry for my bad English.


#2

As a general rule, don’t hardcode the secret key.

Your code would be readable by users, so it’s not advisable to include it in your app. I’m not the best person to answer questions about security, but an API call could do the job. Hopefully someone can confirm or deny that.
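The concern raised in this thread, that a key placed in a Redux action ends up readable in bundle.js, can be checked at build time. The following is an added example, not code from either post: a heuristic scanner for secret-looking string literals in bundled output. The key-name list, the placeholder rules and the sample bundle are assumptions constructed for illustration.

```javascript
// Build-time check: flag secret-looking string literals in a renderer bundle.
// Heuristic only; a clean result does not prove the bundle holds no secrets.

// Names that suggest a credential (assumed list; extend for your code base).
const SECRET_NAME = /(client[_-]?secret|secret[_-]?key|api[_-]?key|private[_-]?key)/i;

// Matches  name:"value"  /  name = 'value'  /  "name":"value"  in minified output.
const ASSIGNMENT = /["']?([A-Za-z_$][\w$-]*)["']?\s*[:=]\s*(["'`])((?:\\.|(?!\2).)*)\2/g;

// Short values and obvious placeholders are not reported.
function isPlaceholder(value) {
  return value.length < 8 || /^(changeme|your[-_ ]|<.*>|xxx+)/i.test(value);
}

function findHardcodedSecrets(bundleText) {
  const findings = [];
  for (const m of bundleText.matchAll(ASSIGNMENT)) {
    const name = m[1];
    const value = m[3];
    if (SECRET_NAME.test(name) && !isPlaceholder(value)) {
      const line = bundleText.slice(0, m.index).split("\n").length;
      // Report name, line and length only, so the check never logs the secret.
      findings.push({ name, line, length: value.length });
    }
  }
  return findings;
}

// Constructed sample resembling a bundled Redux action (not real output).
const SAMPLE_BUNDLE = [
  'var a={type:"LOGIN",payload:{clientId:"desktop-app",secretKey:"s3cr3t-constructed-value"}};',
  'var b={client_secret:"<set-on-server>"};',
  'var c={title:"Secret key settings"};',
].join("\n");

const sampleFindings = findHardcodedSecrets(SAMPLE_BUNDLE);
for (const f of sampleFindings) {
  console.log(`possible hardcoded secret "${f.name}" on line ${f.line} (${f.length} chars)`);
}
```

In a build pipeline, the same function would be run over the real bundle text and the build failed when it returns any findings.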