This feature allows you to obscure data before sending it as part of the analytics payload.
With this feature, Apigee uses SHA512 to hash the original value before sending data from the runtime
plane to the control plane.
You can set the salt value for the hash with the
axHashSalt
property in the overrides.yaml file. The axHashSalt property specifies a
value used as a salt when computing SHA512 hashes to obfuscate sensitive analytics data. Apigee
recommends using the same value across different clusters that host the same Apigee organization.
Apply the value with the apigee-org chart with the following command:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eThis feature allows for the obfuscation of sensitive analytics data in Apigee hybrid versions 1.2 and newer by hashing specific fields using SHA512 before sending it from the runtime plane to the control plane.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eaxHashSalt\u003c/code\u003e property in the \u003ccode\u003eoverrides.yaml\u003c/code\u003e file is used to specify the salt value for the SHA512 hash, and it's recommended to use the same value across different clusters within the same Apigee organization.\u003c/p\u003e\n"],["\u003cp\u003eObfuscation can be enabled for each environment by setting \u003ccode\u003efeatures.analytics.data.obfuscation.enabled\u003c/code\u003e to \u003ccode\u003etrue\u003c/code\u003e using a \u003ccode\u003ePUT\u003c/code\u003e request, however, ensure to include all properties when using the PUT request, as it overwrites the entire property set.\u003c/p\u003e\n"],["\u003cp\u003eWith obfuscation enabled, Apigee hashes fields such as \u003ccode\u003eclient_ip\u003c/code\u003e, \u003ccode\u003edeveloper_email\u003c/code\u003e, \u003ccode\u003erequest_uri\u003c/code\u003e, \u003ccode\u003eproxy_pathsuffix\u003c/code\u003e, and others, ensuring sensitive data is protected and is reflected in analytics dashboards.\u003c/p\u003e\n"],["\u003cp\u003eNote that analytics reports will display unhashed data if it was communicated from the runtime plane before enabling obfuscation or after disabling the feature.\u003c/p\u003e\n"]]],[],null,["# Obfuscate user data for analytics\n\n| You are currently viewing version 1.13 of the Apigee hybrid documentation. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis feature allows you to obscure data before sending it as part of the analytics payload.\nWith this feature, Apigee uses SHA512 to hash the original value before sending data from the runtime\nplane to the control plane.\n\nFor additional information on using data obfuscation, including information on enabling the\nfeature in environments, see [Obfuscate user data for Apigee API Analytics](/apigee/docs/api-platform/analytics/obfuscate-user-data-for-analytics).\n\nSet the salt value in Apigee hybrid\n-----------------------------------\n\nYou can set the salt value for the hash with the\n[`axHashSalt`](/apigee/docs/hybrid/v1.13/config-prop-ref#axhashsalt)\nproperty in the `overrides.yaml` file. The `axHashSalt` property specifies a\nvalue used as a salt when computing SHA512 hashes to obfuscate sensitive analytics data. Apigee\nrecommends using the same value across different clusters that host the same Apigee organization.\nApply the value with the `apigee-org` chart with the following command: \n\n```\n helm upgrade ORG_NAME apigee-org/ \\\n --namespace apigee \\\n --atomic \\\n -f overrides.yaml\n \n```"]]
