During SDK initialization, a configuration file is retrieved from Eppo's CDN, which includes information about the feature flag/experiment variations, traffic allocations, and targeting rules. The SDK stores these configurations locally for rapid lookup. However, when the SDK is initialized in certain mobile and browser clients, this configuration may be accessible by users, and so Eppo hashes data in the configuration to obfuscate it. The configuration cannot be hashed entirely without compromising functionality, so the hashed fields in the configuration that can be used without leaking sensitive data are shown below.
"allocations": [ ... ],
Targeting rule values are conditionally hashed
value field in
conditions may or may not be hashed depending on the configured
operator for the targeting rule in the allocation.
|is one of||hashed|
|is not one of||hashed|
|less than (<)||encoded|
|less than or equal (<=)||encoded|
|greater than (>)||encoded|
|greater than or equal (>=)||encoded|
The targeting rule's
operator is configured in the UI during allocation setup.
operator types that do not support hashing, we recommend against entering sensitive data for the
Allocation data is not hashed
Information about allocations is not hashed, which includes percent exposure and variation names and values. We therefore also recommend against entering sensitive data when configuring variations.
|SDK||Min version||Hashed data|
|Android||v0.3.0||feature flag key|