I was thinking about using workers to authenticate users. It involves 3rd party API with it’s own private key. In the end I should generate JWT and sign it with another private key.
From the FAQ https://developers.cloudflare.com/workers/faq/
Is my code public?
The content of your worker script will not be accessible to the public. However, Cloudflare employees may view your scripts for a variety of purposes, such as debugging, security audits, or to provide you with technical support.
I understand it is not secure to store private keys, secrets, etc. inside worker code itself. As far as I understand there is no way to use any kind of private config file or service where I can store “static” keys privately also.
Is there any secure solution or a way to store private keys so worker can load and use them? Do I miss anything?
Thank you in advance.