It is safe to keep secrets in a canister?

I’m building an APP that accept external requests from web 2.0 that needs to be verified, if I use some secret in a variable using Rust, after compile someone can revert the data and get the secret in some way?
In other works it is safe keeping secrets in a canister?

1 Like

Nodes can see the code they are running, and by design nodes are meant to be run by untrusted third-parties. So no. Ingress messages can be verified by the user principal system; the threshold ECDSA signing feature will enable the secure secret signing of data going the other way.

3 Likes

Thanks for the reply! Do you know if there is a estimation date for ECDSA signing?

Is that the case even with security sandboxing and enclaves? Is data unencrypted in memory? Is it encrypted when sent over the network?

Unencrypted in memory. Encrypted over the network using https.

Even for inter canister, Xnet calls?

This is part of the long-term roadmap, but I don’t know if there have been any updates on this front.

Afaik they recently published the new node specs which have TEE capabilities.