Hi there. I’m currently evaluating GrowthBook as a potential solution for our feature flagging an A/B testing needs and have a question about the interaction of attributes that are a

secureString

with regard to id list. Say I create a new user attribute called

hashed_user_id

and a ID list Y. And I also have a rule that is “turn feature X on when hashed_user_id is in ID list Y”. Do I then need to input the already hashed values in the ID list or the plain once? E.g. if I want to target a user with id 42, will I need to put “42" in the ID list or the result of

sha256(salt, 42)

. I would expect it to be the latter but I couldn’t really find a conclusive answer in the docs.

Hi Martain. In growthbook you would enter the values unhashed. In the SDK side, you would SHA256 hash the values when setting them to the attributes.

So the hashing on the GrowthBook server side is done by the server itself before serving it and you just enter your unhashed user ids in the UI. That makes sense, thank you 🙂

yes