Is the IPC mechanism secure?

[abjrcode]

Hi, I am building an application that handles sensitive data (secrets and API keys) and trying to figure out if the communication between the frontend and the backend is secure.

As far as I have seen, communication is accomplished by posting messages in JSON?
I haven't used IPC mechanisms before so I hope my question makes sense. I am wondering if a debugger or another application can spy and see messages sent between the two in plaintext?
If so, is there a way to secure it without adding support for that internally in Wails?

[leaanthony]

The IPC mechanism is internal to the application and is just as susceptible to any debugging as any other mechanism. Storing sensitive data in an application is never a good option regardless of what you do inside your application. If you are worrying about "in flight" data then you could encrypt and decrypt your data. Then the problem is how and where you store the keys. At the end of the day, this is a design issue regardless of how the inner workings of your app work.

[abjrcode]

Indeed it is a design issue regardless. I am taking everything into consideration but the IPC, and specifically the "in-flight" part, is the only element which I don't have full oversight on. Is it sending messages on the loopback adapter or is it communicating via a memory buffer?
Are there ports in use?

The reason I am specifically asking about "networking" is because there are a lot of tools to monitor and inspect network traffic but it is harder, or can be made hard, to inspect a processes memory

[leaanthony]

It's in memory 👍