Reference

set anon global-key

Available since

  • HAProxy 2.7
  • HAProxy Enterprise 2.7r1

Set the global anonymizing key.

Description Jump to heading

Set the global anonymizing key, which must be a 32-bit integer between 0 and 4294967295 (0 disables the global key). This command requires admin privilege.

In anonymized mode, fields in command outputs that are considered sensitive or confidential are obscured with hashes. To enable anonymized mode, use the set anon CLI command.

Warning

Do not share the key unless necessary. It can be used to reveal hidden sensitive information.

The set anon global-key command applies only to the current API session. Therefore, it has no effect unless combined with other commands in the same session.

Examples Jump to heading

Enable anonymization and set the key for a show sess inline command, where the commands run once and then exit:

bash
echo "set anon on; set anon global-key 123456; show sess" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
bash
echo "set anon on; set anon global-key 123456; show sess" | \
sudo socat stdio tcp4-connect:127.0.0.1:9999
output
bash
0x56295ad1dcb0: proto=tcpv4 src=3129d1:60985 fe=1d10c8 be=7c69ee srv=f908f6
ts=00 epoch=0x1 age=16s calls=3 rate=0 cpu=0 lat=0 rq[f=49c40000h,i=0,an=8000h,rx=,wx=,ax=]
rp[f=80400000h,i=0,an=1400000h,rx=4m55s,wx=,ax=] scf=[8,80h,fd=86] scb=[8,11h,fd=42] exp=4m55s rc=0 c_exp=
output
bash
0x56295ad1dcb0: proto=tcpv4 src=3129d1:60985 fe=1d10c8 be=7c69ee srv=f908f6
ts=00 epoch=0x1 age=16s calls=3 rate=0 cpu=0 lat=0 rq[f=49c40000h,i=0,an=8000h,rx=,wx=,ax=]
rp[f=80400000h,i=0,an=1400000h,rx=4m55s,wx=,ax=] scf=[8,80h,fd=86] scb=[8,11h,fd=42] exp=4m55s rc=0 c_exp=

Enable anonymization and set the key in an interactive session:

  • Connect to the Runtime API socket.
  • Start an interactive session.
  • Enable anonymization.
  • Set the hash key.
  • Use a command that will now have its output anonymized.
bash
sudo socat stdio tcp4-connect:127.0.0.1:9999
prompt
set anon on
set anon global-key 123456
show sess
bash
sudo socat stdio tcp4-connect:127.0.0.1:9999
prompt
set anon on
set anon global-key 123456
show sess
output
bash
0x56295ad1dcb0: proto=tcpv4 src=3129d1:60985 fe=1d10c8 be=7c69ee srv=f908f6
ts=00 epoch=0x1 age=16s calls=3 rate=0 cpu=0 lat=0 rq[f=49c40000h,i=0,an=8000h,rx=,wx=,ax=]
rp[f=80400000h,i=0,an=1400000h,rx=4m55s,wx=,ax=] scf=[8,80h,fd=86] scb=[8,11h,fd=42] exp=4m55s rc=0 c_exp=
output
bash
0x56295ad1dcb0: proto=tcpv4 src=3129d1:60985 fe=1d10c8 be=7c69ee srv=f908f6
ts=00 epoch=0x1 age=16s calls=3 rate=0 cpu=0 lat=0 rq[f=49c40000h,i=0,an=8000h,rx=,wx=,ax=]
rp[f=80400000h,i=0,an=1400000h,rx=4m55s,wx=,ax=] scf=[8,80h,fd=86] scb=[8,11h,fd=42] exp=4m55s rc=0 c_exp=

See also Jump to heading

If this page was useful, please, Leave the feedback.