Protect source code in a public repo

Hello, everyone!

I’m working on creating an app that requires authentication for access via a URL, utilizing public spaces. I’m managing the authentication workflow to restrict access to specific users.

However, I aim to safeguard/hide the source code of the space. Based on other questions in this forum, it appears there’s no built-in feature to restrict access to the source code.

I’ve considered hosting only the Dockerfile and, during the build process, cloning the code from a private GitHub repository (utilizing secrets for the access token). Has anyone tried this method, and is it secure enough?

Edit: I’m not using Gradio (an not planning to use it). I know there is the option to load the private Space from the public one