이 기능을 사용하면 데이터를 분석 페이로드의 일부로 보내기 전에 숨길 수 있습니다.
Apigee는 이 기능으로 런타임 영역에서 컨트롤 플레인으로 데이터를 전송하기 전에 원래 값을 SHA512로 해시합니다.
절차
overrides.yaml 파일의 axHashSalt 속성을 사용하여 해시의 솔트 값을 설정할 수 있습니다. axHashSalt 속성은 민감한 분석 데이터를 난독화하기 위해 SHA512 해시를 계산할 때 솔트로 사용되는 값을 지정합니다. Apigee에서는 동일한 Apigee 조직을 호스팅하는 여러 다른 클러스터에서 동일한 값을 사용하는 것이 좋습니다. apigeectl로 값을 적용합니다.
features.analytics.data.obfuscation.enabled를 true로 설정하여 각 환경에 이 기능을 사용 설정합니다.
Apigee Hybrid 분석 대시보드에 난독화된 결과가 표시됩니다. 해시된 결과가 UI에 표시되는 데 몇 분 정도 걸릴 수 있습니다.
예
다음 예는 난독화 전과 후의 데이터를 보여줍니다.
// JSON data sent to AX before obfuscating{"proxy_basepath":"/APP_NAME","x-apigee.edge.execution.stats.request_flow_endtimestamp":1582770652814,"apiproxy":"APP_NAME","x-apigee.edge.is_policy_error":0,"client_sent_start_timestamp":1582770652817,"x-apigee.edge.is_target_error":0,"client_received_start_timestamp":1582770652813,"client_ip":"10.10.0.99","is_error":false,"x-apigee.edge.stats.steps":"{\"JS1.0\":1}","request_size":0,"x-apigee.intelligence.client_ip_header":"10.10.0.99","virtual_host":"default","x-apigee.edge.mp_host":"mp","sla":false,"x-apigee.intelligence.service":"{}","client_sent_end_timestamp":1582770652817,"request_uri":"/APP_NAME","proxy":"default","proxy_client_ip":"10.10.0.99","x-apigee.edge.dn.region":"dc-1","apigee.edge.execution.is_apigee_fault":0,"x-apigee.edge.target.latency.stats":"{\"targetList\":[]}","useragent":"Apache-HttpClient/4.3.6 (java 1.6)","proxy_pathsuffix":"","x-apigee.edge.execution.stats.request_flow_start_timestamp":1582770652814,"x_forwarded_for_ip":"10.10.0.99","x_forwarded_proto":"http","response_status_code":200,"request_verb":"GET","x-apigee.edge.execution.stats.response_flow_end_timestamp":1582770652816,"gateway_source":"message_processor","environment":"env_82hw","client_received_end_timestamp":1582770652814,"organization":"Org_1582769880344","x-apigee.edge.execution.stats.response_flow_start_timestamp":1582770652814,"request_path":"/APP_NAME","gateway_flow_id":"rt-8644-188-1","apiproxy_revision":"1"}
// JSON data sent to AX after obfuscating{"proxy_basepath":"/APP_NAME","x-apigee.edge.execution.stats.request_flow_endtimestamp":1582749361836,"apiproxy":"APP_NAME","x-apigee.edge.is_policy_error":0,"client_sent_start_timestamp":1582749361884,"x-apigee.edge.is_target_error":0,"client_received_start_timestamp":1582749361790,"client_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445","is_error":false,"x-apigee.edge.stats.steps":"{\"JS1.0\":30}","request_size":0,"x-apigee.intelligence.client_ip_header":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445","virtual_host":"default","x-apigee.edge.mp_host":"mp","sla":false,"x-apigee.intelligence.service":"{}","client_sent_end_timestamp":1582749361886,"request_uri":"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a","proxy":"default","proxy_client_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445","x-apigee.edge.dn.region":"dc-1","apigee.edge.execution.is_apigee_fault":0,"x-apigee.edge.target.latency.stats":"{\"targetList\":[]}","useragent":"Apache-HttpClient/4.3.6 (java 1.6)","proxy_pathsuffix":"cf83e1.67eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81.638327af927da3e","x-apigee.edge.execution.stats.request_flow_start_timestamp":1582749361833,"x_forwarded_for_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445","x_forwarded_proto":"http","response_status_code":200,"request_verb":"GET","x-apigee.edge.execution.stats.response_flow_end_timestamp":1582749361874,"gateway_source":"message_processor","environment":"env_xj25","client_received_end_timestamp":1582749361821,"organization":"Org_1582749068984","x-apigee.edge.execution.stats.response_flow_start_timestamp":1582749361836,"request_path":"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a","gateway_flow_id":"rt-6290-57-1","apiproxy_revision":"1"}
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-05(UTC)"],[[["\u003cp\u003eThis document outlines how to enable data obfuscation in Apigee hybrid, which uses SHA512 to hash sensitive data before sending analytics from the runtime plane to the control plane.\u003c/p\u003e\n"],["\u003cp\u003eYou can configure the SHA512 hash salt value using the \u003ccode\u003eaxHashSalt\u003c/code\u003e property in the \u003ccode\u003eoverrides.yaml\u003c/code\u003e file and apply it via \u003ccode\u003eapigeectl\u003c/code\u003e, and it's recommended to use the same salt value across different clusters for the same organization.\u003c/p\u003e\n"],["\u003cp\u003eEnabling data obfuscation is done by setting \u003ccode\u003efeatures.analytics.data.obfuscation.enabled\u003c/code\u003e to \u003ccode\u003etrue\u003c/code\u003e for each environment using a PUT request, being sure to include the entire property set.\u003c/p\u003e\n"],["\u003cp\u003eOnce enabled, several fields, including \u003ccode\u003eclient_id\u003c/code\u003e, \u003ccode\u003eclient_ip\u003c/code\u003e, \u003ccode\u003edeveloper_email\u003c/code\u003e, and others, will be hashed at the runtime plane before being sent to the analytics backend, and many will also be obfuscated in custom reports.\u003c/p\u003e\n"],["\u003cp\u003eThe Apigee hybrid analytics dashboard will display the obfuscated, hashed data, and note that analytics reports will show unhashed data for any information communicated before enabling, or after disabling obfuscation.\u003c/p\u003e\n"]]],[],null,["# Obfuscate user data for analytics\n\n| You are currently viewing version 1.10 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis feature allows you to obscure data before sending it as part of the analytics payload.\nWith this feature, Apigee uses SHA512 to hash the original value before sending data from the runtime\nplane to the control plane.\n\nProcedure\n---------\n\nYou can set the salt value for the hash with the\n[`axHashSalt`](/apigee/docs/hybrid/v1.10/config-prop-ref#axhashsalt)\nproperty in the `overrides.yaml` file. The `axHashSalt` property specifies a value\nused as a salt when computing SHA512 hashes to obfuscate sensitive analytics data. Apigee recommends using the same value across different clusters that host\nthe same Apigee organization. Apply the value with [`apigeectl`](/apigee/docs/hybrid/v1.10/cli-reference).\n\nEnable this feature for each environment by setting `features.analytics.data.obfuscation.enabled` to **true**.\nWhen using `PUT`, be careful to include the entire set of properties for your environment. PUT overwrites the entire property set each time you issue it. \n\n```\ncurl -v -X PUT \\\n https://apigee.googleapis.com/v1/organizations/your_org_name/environments/your_env_name \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $TOKEN\" \\\n -d '{\n \"name\" : \"your_env_name\",\n \"properties\" : {\n \"property\" : [ {\n \"name\" : \"features.analytics.data.obfuscation.enabled\",\n \"value\" : \"true\"\n },]\n }\n}'\n```\n\n\nWith obfuscation enabled, Apigee hybrid will hash the following fields with SHA512 at the runtime plane before\nsending the information to analytics backend:\n\n- client_id\n- client_ip\n- developer_email\n- proxy_client_ip\n- proxy_pathsuffix\n- request_uri\n- request_path\n- target_basepath\n- target_url\n- x_forwarded_for_ip\n- x-apigee.edge.true_client_ip\n- x-apigee.intelligence.client_ip_header\n\nApigee hybrid will hash the following dimension values in custom analytics reports:\n\n- Client ID\n- Client IP Address\n- Developer Email\n- Proxy Client IP\n- Proxy Path Suffix\n- Referred Client IP\n- Request Path\n- Request URI\n- Resolved Client IP\n- Target Base Path\n- Target URL\n- X Forwarded For\n\nSee [Analytics metrics, dimensions, and filters reference](https://docs.apigee.com/api-platform/analytics/analytics-reference#dimensions) for detailed descriptions of analytics dimensions.\n\nViewing obfuscated results\n--------------------------\n\n\nThe obfuscated results display in the Apigee hybrid analytics dashboard. It may take several\nminutes before you see the hashed results in the UI.\n\n| **Note:** Analytics reports will display unhashed data communicated from the runtime plane before you enabled obfuscating or after you disable it. \n\nExample\n-------\n\n\nThe following example shows the data before and after obfuscating: \n\n```scilab\n// JSON data sent to AX before obfuscating\n{\n \"proxy_basepath\":\"/APP_NAME\",\n \"x-apigee.edge.execution.stats.request_flow_endtimestamp\":1582770652814,\n \"apiproxy\":\"APP_NAME\",\n \"x-apigee.edge.is_policy_error\":0,\n \"client_sent_start_timestamp\":1582770652817,\n \"x-apigee.edge.is_target_error\":0,\n \"client_received_start_timestamp\":1582770652813,\n \"client_ip\":\"10.10.0.99\",\n \"is_error\":false,\n \"x-apigee.edge.stats.steps\":\"{\\\"JS1.0\\\":1}\",\n \"request_size\":0,\n \"x-apigee.intelligence.client_ip_header\":\"10.10.0.99\",\n \"virtual_host\":\"default\",\n \"x-apigee.edge.mp_host\":\"mp\",\n \"sla\":false,\n \"x-apigee.intelligence.service\":\"{}\",\n \"client_sent_end_timestamp\":1582770652817,\n \"request_uri\":\"/APP_NAME\",\n \"proxy\":\"default\",\n \"proxy_client_ip\":\"10.10.0.99\",\n \"x-apigee.edge.dn.region\":\"dc-1\",\n \"apigee.edge.execution.is_apigee_fault\":0,\n \"x-apigee.edge.target.latency.stats\":\"{\\\"targetList\\\":[]}\",\n \"useragent\":\"Apache-HttpClient/4.3.6 (java 1.6)\",\n \"proxy_pathsuffix\":\"\",\n \"x-apigee.edge.execution.stats.request_flow_start_timestamp\":1582770652814,\n \"x_forwarded_for_ip\":\"10.10.0.99\",\n \"x_forwarded_proto\":\"http\",\n \"response_status_code\":200,\n \"request_verb\":\"GET\",\n \"x-apigee.edge.execution.stats.response_flow_end_timestamp\":1582770652816,\n \"gateway_source\":\"message_processor\",\n \"environment\":\"env_82hw\",\n \"client_received_end_timestamp\":1582770652814,\n \"organization\":\"Org_1582769880344\",\n \"x-apigee.edge.execution.stats.response_flow_start_timestamp\":1582770652814,\n \"request_path\":\"/APP_NAME\",\n \"gateway_flow_id\":\"rt-8644-188-1\",\n \"apiproxy_revision\":\"1\"\n}\n``` \n\n```scilab\n// JSON data sent to AX after obfuscating\n{\n \"proxy_basepath\":\"/APP_NAME\",\n \"x-apigee.edge.execution.stats.request_flow_endtimestamp\":1582749361836,\n \"apiproxy\":\"APP_NAME\",\n \"x-apigee.edge.is_policy_error\":0,\n \"client_sent_start_timestamp\":1582749361884,\n \"x-apigee.edge.is_target_error\":0,\n \"client_received_start_timestamp\":1582749361790,\n \"client_ip\":\"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445\",\n \"is_error\":false,\n \"x-apigee.edge.stats.steps\":\"{\\\"JS1.0\\\":30}\",\n \"request_size\":0,\n \"x-apigee.intelligence.client_ip_header\":\"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445\",\n \"virtual_host\":\"default\",\n \"x-apigee.edge.mp_host\":\"mp\",\n \"sla\":false,\n \"x-apigee.intelligence.service\":\"{}\",\n \"client_sent_end_timestamp\":1582749361886,\n \"request_uri\":\"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a\",\n \"proxy\":\"default\",\n \"proxy_client_ip\":\"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445\",\n \"x-apigee.edge.dn.region\":\"dc-1\",\n \"apigee.edge.execution.is_apigee_fault\":0,\n \"x-apigee.edge.target.latency.stats\":\"{\\\"targetList\\\":[]}\",\n \"useragent\":\"Apache-HttpClient/4.3.6 (java 1.6)\",\n \"proxy_pathsuffix\":\"cf83e1.67eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81.638327af927da3e\",\n \"x-apigee.edge.execution.stats.request_flow_start_timestamp\":1582749361833,\n \"x_forwarded_for_ip\":\"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445\",\n \"x_forwarded_proto\":\"http\",\n \"response_status_code\":200,\n \"request_verb\":\"GET\",\n \"x-apigee.edge.execution.stats.response_flow_end_timestamp\":1582749361874,\n \"gateway_source\":\"message_processor\",\n \"environment\":\"env_xj25\",\n \"client_received_end_timestamp\":1582749361821,\n \"organization\":\"Org_1582749068984\",\n \"x-apigee.edge.execution.stats.response_flow_start_timestamp\":1582749361836,\n \"request_path\":\"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a\",\n \"gateway_flow_id\":\"rt-6290-57-1\",\n \"apiproxy_revision\":\"1\"\n}\n```"]]
