This feature allows you to obscure data before sending it as part of the analytics payload.
With this feature, Apigee uses SHA512 to hash the original value before sending data from the runtime
plane to the control plane.
You can set the salt value for the hash with the `axHashSalt` property in the `overrides.yaml` file. The `axHashSalt` property specifies a
value used as a salt when computing SHA512 hashes to obfuscate sensitive analytics data. Apigee
recommends using the same value across different clusters that host the same Apigee organization.

Apply the value with the `apigee-org` chart with the following command:

```
helm upgrade ORG_NAME apigee-org/ \
  --namespace apigee \
  --atomic \
  -f overrides.yaml
```

For additional information on using data obfuscation, including information on enabling the
feature in environments, see [Obfuscate user data for Apigee API Analytics](/apigee/docs/api-platform/analytics/obfuscate-user-data-for-analytics).

You are currently viewing version 1.11 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).

Last updated 2025-08-29 UTC.
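
The recommendation to share one salt across clusters can be checked before running the upgrade. The following Python sketch is an added example, not Apigee code: it assumes `axHashSalt` is a top-level key in each cluster's `overrides.yaml` and that the hash is SHA512 over the salt followed by the value (the page does not state how the salt is combined); the cluster names, salts and events are constructed.

```python
import hashlib
import re

def read_salt(overrides_text):
    """Return the top-level axHashSalt value from overrides.yaml text, or None.
    Minimal single-token parser for the constructed samples below."""
    m = re.search(r"^axHashSalt:[ \t]*(\S+)", overrides_text, re.MULTILINE)
    return (m.group(1).strip("\"'") or None) if m else None

def obfuscate(value, salt):
    """Salted SHA512 of a field value. Assumption: salt is prepended to the value."""
    return hashlib.sha512((salt + value).encode("utf-8")).hexdigest()

def check_salts(overrides_by_cluster):
    """Return (salt per cluster, True if every cluster sets the same salt)."""
    salts = {name: read_salt(text) for name, text in overrides_by_cluster.items()}
    consistent = None not in salts.values() and len(set(salts.values())) == 1
    return salts, consistent

def distinct_clients(events, overrides_by_cluster):
    """Count distinct hashed client_id values across (cluster, client_id) events,
    i.e. how many clients the analytics side would appear to see."""
    return len({obfuscate(cid, read_salt(overrides_by_cluster[cluster]))
                for cluster, cid in events})

# Constructed overrides.yaml contents for three clusters of one organization.
OVERRIDES = {
    "us-east": 'org: example-org\naxHashSalt: "constructed-salt-A"\n',
    "eu-west": 'org: example-org\naxHashSalt: "constructed-salt-A"\n',
    "asia": 'org: example-org\naxHashSalt: "constructed-salt-B"\n',
}
# Constructed traffic: the same client_id served by each cluster.
EVENTS = [("us-east", "app-123"), ("eu-west", "app-123"), ("asia", "app-123")]

if __name__ == "__main__":
    salts, consistent = check_salts(OVERRIDES)
    print("salts consistent across clusters:", consistent)
    for name, salt in salts.items():
        print(f"  {name}: {'<missing>' if salt is None else 'set'}")
    # One real client appears as two once a cluster hashes with a different salt.
    print("distinct hashed client_id values:", distinct_clients(EVENTS, OVERRIDES))
```

With mismatched salts the same `client_id` hashes to different values per cluster, so per-client analytics for the organization no longer aggregate.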