I agree with others that getting the secret byte array from an assembly would be simple.
But there is a more general principle at play: if your security depends on the secrecy of some key, you should really make sure this key is never on a potentially compromised computer.
It doesn't matter if you use native C++ and/or use some sort of obfuscation, or something like that. When some key is on a computer of an user you don't trust, you should act as if the user knew that key.
In other words: the only safe place for such key is on a server you control and whose security you trust.