hey there, i'm curious, is it possible to somehow ...
# ask-questions
n
hey there, i'm curious, is it possible to somehow hide the feature flag names in the api response when it is being loaded into a browser/mobile client?
f
you can turn on ciphered feature flags when setting up the SDK endpoint
n
i did turn it on
but it doesn't seem ciphered at all
i can see the feature names still
h
Are you using SDK encryption, one of the toggles in the Ciphered setting?
n
no i'm in the free plan still
is that just a paid plan feature?
i selected Ciphered, but didn't hit the toggles
h
That is correct, encryption is a Pro or Enterprise feature.
n
so how does it work? the api would return features without the actual names?
but the code would still reference it the same?
h
Yes, the code would still reference it the same way. In a client-side context (like the browser), think of it as very strong obfuscation. The app encodes the entire payload and the SDK decodes it to memory. It keeps most prying eyes off your feature names, but of course can be intercepted with enough effort.
Of course, if your feature names are exposed in public code, then they can also see what might exist.
For 100% secure/hidden, you'd want to use "Remote Evaluated" (Pro, Enterprise) for your frontend SDKs, or use feature flags / experiments on your backend only.
n
awesome okay thanks for the information!!
it was just weird that i could select Ciphered, even though i couldn't select the sub-toggles haha
so i THOUGHT i had ciphered on
h
I can see how that is a bit misleading. The only free variant of "ciphered" is scrubbing your experiments' names and variation names. It's not very ciphered...
n
haha exactly