When executing LogicSig transactions, the teal code (and actual arguments) are exposed, ie. reviewable in algoexplorer.
I presumed the following piece of code would suppress exposure to “arg 0” - especially since the sha256 command dynamically calculates (successfully) the hashkey in the line below
arg 0 ← Needs to be secret
byte base64 string-representing-sha256-of-arg0
Bottom line, how can i accomplish the above where “arg 0” remains secret ?
Otherwise, are there some best practices for securing the teal code for logicsigs.