Skip to content

Latest commit

 

History

History
35 lines (30 loc) · 1.4 KB

index.md

File metadata and controls

35 lines (30 loc) · 1.4 KB
Raw

Home

API Reference

Packages

Package Description
ssr-only-secrets

This package provides a way to pass secrets from Server Components into the SSR-run of Client Components without them being accessible in the browser.

This technique was inspired by this comment by @Stevemoretz.

Usage:

Install the package

 
npm i ssr-only-secrets

Generate a jwk-formatted AES-CBC key, e.g. by running

```js crypto.subtle .generateKey( { name: "AES-CBC", length: 256, }, true, ["encrypt", "decrypt"] ) .then((key) => crypto.subtle.exportKey("jwk", key)) .then(JSON.stringify) .then(console.log); ```

and store the result in an environment variable, e.g. SECRET_KEY_VAR, e.g. by writing it into your .env.local.

```env SECRET_KEY_VAR={"alg":"A256CBC","ext":true,"k":"...","key_ops":["encrypt","decrypt"],"kty":"oct"} ```

Now, you can pass "cloaked secrets" from your Server Components into the SSR-run of your Client Components, without them being accessible in your Client Components in the browser.

|