Package | Description |
---|---|
ssr-only-secrets | This package provides a way to pass secrets from Server Components into the SSR-run of Client Components without them being accessible in the browser. This technique was inspired by this comment by @Stevemoretz. Install the package |
npm i ssr-only-secrets
Generate a jwk-formatted AES-CBC key, e.g. by running
```js crypto.subtle .generateKey( { name: "AES-CBC", length: 256, }, true, ["encrypt", "decrypt"] ) .then((key) => crypto.subtle.exportKey("jwk", key)) .then(JSON.stringify) .then(console.log); ```and store the result in an environment variable, e.g. SECRET_KEY_VAR
, e.g. by writing it into your .env.local
.
Now, you can pass "cloaked secrets" from your Server Components into the SSR-run of your Client Components, without them being accessible in your Client Components in the browser.
|