Mark Oliver's World

Posted: 31/03/2021

Secrets Within Blazor WASM

A Blazor WASM app runs wholely on the client, therefore we cannot ask the server to store our secret and access it privately.

So how do we keep our secrets safe, yet still not commit them hard coded in our code in our repo?

The simple answer is YOU CANNOT. So don't commit any secrets in WASM code, as it will end up at the client.

This security process should be done at a server, so perhaps a simple Azure function whose job is to actually access the rest of the code once its authenticated.

WASM is great and all, but if you need secrets, then its not for you!

Thanks for reading this post.

If you want to reach out, catch me on Twitter!

I am always open to mentoring people, so get in touch.