Alternatives to storing service token secrets in browser extension

Hello there, I am developing a new browser extension that will be used to send a HTTP request with a URL payload to a webhook that is exposed internally from a self hosted instance of n8n.

I am hosting this n8n instance behind a cloudflare zero trust tunnel with Authentication set to allow my gmail account through and the webhook is exposed with a service token. This works perfectly but my problem is that storing the CF secret and ID in the browser extension storage for the HTTP request is unsafe and I am looking for other options to make it more secure. Is there any other way I can achieve this more securely using Cloudflare?

For example is there any way to use Cloudflare workers to send securely the CF secret and ID for the service token on request to the browser extension without storing them in the browser storage?
Or it is possible to implement Cloudflare authentication with my gmail into this extension’s pop-up so that when signed in the extension will be able to use the authentication cookie to access the webhook safely?

I am looking for some guidance how to implement this Authentication into the zero trust tunnel without writing my own server backbend. Any help is appreciated. I am also a new developer and still learning.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.