I have developed many remote event receivers and host them inside azure web apps. now the web.config file inside those remote event receivers contain the ClientId & ClientSecret, as follow:-
<appSettings file="custom.config">
<add key="ClientId" value="e***7" />
<add key="ClientSecret" value="h***g=" />
</appSettings>
Now if a hacker or an end user found those values inside the project code, then the user can control all the sites, as when we register the remote event receivers we grant them full control on the site collection.. so any advice how we can secure those details? so if someone access the source code of the RER then she/he can not view those details?
Thanks