This feature allows you to obscure data before sending it as part of the analytics payload.
With this feature, Apigee uses SHA512 to hash the original value before sending data from the runtime
plane to the control plane.
You can set the salt value for the hash with the
axHashSalt
property in the overrides.yaml file. The axHashSalt property specifies a
value used as a salt when computing SHA512 hashes to obfuscate sensitive analytics data. Apigee
recommends using the same value across different clusters that host the same Apigee organization.
Apply the value with the apigee-org chart with the following command:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis feature allows for the obfuscation of sensitive analytics data in Apigee hybrid by hashing specific fields with SHA512 before sending it from the runtime to the control plane.\u003c/p\u003e\n"],["\u003cp\u003eTo enable data obfuscation, the \u003ccode\u003efeatures.analytics.data.obfuscation.enabled\u003c/code\u003e property must be set to \u003ccode\u003etrue\u003c/code\u003e for each environment, which can be done using a \u003ccode\u003ePUT\u003c/code\u003e command in the environment's configuration.\u003c/p\u003e\n"],["\u003cp\u003eA salt value can be configured using the \u003ccode\u003eaxHashSalt\u003c/code\u003e property in the \u003ccode\u003eoverrides.yaml\u003c/code\u003e file, which is recommended to be consistent across clusters within the same Apigee organization for consistent hashing.\u003c/p\u003e\n"],["\u003cp\u003eThe obfuscated data, which includes fields like client IPs, request paths, and developer emails, will be visible in the Apigee hybrid analytics dashboard, though there may be a delay before the changes display.\u003c/p\u003e\n"],["\u003cp\u003eThis feature is only available for Apigee Hybrid version 1.2 and newer.\u003c/p\u003e\n"]]],[],null,["# Obfuscate user data for analytics\n\n| You are currently viewing version 1.14 of the Apigee hybrid documentation. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis feature allows you to obscure data before sending it as part of the analytics payload.\nWith this feature, Apigee uses SHA512 to hash the original value before sending data from the runtime\nplane to the control plane.\n\nFor additional information on using data obfuscation, including information on enabling the\nfeature in environments, see [Obfuscate user data for Apigee API Analytics](/apigee/docs/api-platform/analytics/obfuscate-user-data-for-analytics).\n\nSet the salt value in Apigee hybrid\n-----------------------------------\n\nYou can set the salt value for the hash with the\n[`axHashSalt`](/apigee/docs/hybrid/v1.14/config-prop-ref#axhashsalt)\nproperty in the `overrides.yaml` file. The `axHashSalt` property specifies a\nvalue used as a salt when computing SHA512 hashes to obfuscate sensitive analytics data. Apigee\nrecommends using the same value across different clusters that host the same Apigee organization.\nApply the value with the `apigee-org` chart with the following command: \n\n```\nhelm upgrade ORG_NAME apigee-org/ \\\n --namespace apigee \\\n --atomic \\\n -f overrides.yaml\n```"]]
