Hash Data
Last updated 3 weeks ago
The Hash Data workflow action generates a secure, one-way hash of one or two CRM property values using the algorithm of your choice. Use it to anonymize data, create deduplication keys, build unique record fingerprints, or hash credentials for secure storage.
How It Works
Add the Hash Data action to any contact, company, deal, or ticket workflow. When a record reaches this step, the app reads the selected property values, applies the chosen hashing algorithm, and returns the result for use in subsequent workflow steps.
Action Inputs
When you add the Hash Data action in the workflow editor, you will configure the following fields:
| Field | Required | Description |
|---|---|---|
| Primary Value | Yes | The primary value to hash |
| Secondary Value (Optional) | No | Optional second value to combine with primary value before hashing |
| Hash Algorithm | No | Select the hashing algorithm to use (SHA-256, SHA-512, MD5, bcrypt, or Argon2id) |
| Output Format | No | Choose output format (only applies to SHA-256, SHA-512, MD5) - Hexadecimal or Base64 |
| Separator | No | Separator when combining multiple fields (default: |) |
Choosing the right algorithm:
| Algorithm | Best For | Deterministic? |
|---|---|---|
| SHA-256 (Recommended) | General hashing, deduplication keys, data anonymization, record fingerprinting | Yes - same input always produces the same output |
| SHA-512 | High-security hashing where a longer output is preferred | Yes |
| MD5 (Legacy - Not Secure) | Compatibility with older systems that require MD5 | Yes |
| bcrypt (For Passwords) | Hashing passwords or credentials for secure storage | No - includes a random salt, so each hash is unique |
| Argon2id (Most Secure for Passwords) | Highest-security credential hashing, resistant to brute-force and GPU attacks | No - includes a random salt, so each hash is unique |
- For most use cases (deduplication, fingerprinting, anonymization), use SHA-256. It is fast, widely supported, and the same input always produces the same hash, which is essential for matching and comparison.
- Use SHA-512 when you need a longer hash output or your security policy requires it.
- Use MD5 only when integrating with a legacy system that specifically requires it. MD5 is not considered secure for new applications.
- Use bcrypt or Argon2id when hashing passwords or credentials. These algorithms are deliberately slow and include random salts, making them resistant to brute-force attacks. Because each hash is unique, they are not suitable for deduplication or matching.
Action Outputs
After the Hash Data action runs, the following output values are available for use in subsequent workflow steps:
| Output | Type | Description |
|---|---|---|
| Hashed Value | Text | The generated hash string |
| Algorithm Used | Text | Which algorithm was applied (useful if you run multiple hash actions in the same workflow) |
| Input Length | Number | The character length of the input that was hashed (after combining fields, if applicable) |
| Success | Yes/No | Whether the hashing completed successfully. Branch on this to handle errors gracefully. |
| Error Message | Text | If the action failed, a description of what went wrong |
Tip: To learn how to use these output values in later workflow actions (e.g., copy to a property, use in branching logic), see Using workflow action outputs in the HubSpot Knowledge Base.
Usage Examples
Anonymize Email Addresses for Analytics
Hash contact email addresses so you can use them in analytics and reporting without exposing personal information. Because SHA-256 is deterministic, the same email always produces the same hash, letting you track activity consistently.
- Primary Value: Email
- Algorithm: SHA-256
- Output Format: Hexadecimal
Create a Deduplication Key from Multiple Fields
Combine an email address and company name into a single hash to detect duplicate records across your CRM. Two records with the same email and company will produce the same hash.
- Primary Value: Email
- Secondary Value: Company Name
- Separator:
| - Algorithm: SHA-256
- Output Format: Hexadecimal
Hash Credentials for Secure Storage
If your workflow collects a password or API key through a form, hash it before storing. Use Argon2id for the strongest protection.
- Primary Value: the credential property
- Algorithm: Argon2id
- Output Format: (not applicable - Argon2id uses its own format)
Generate a Compact Fingerprint
When you need a shorter hash string - for example, to use as a reference ID in an external system - use Base64 encoding.
- Primary Value: Deal Name
- Secondary Value: Close Date
- Algorithm: SHA-256
- Output Format: Base64
Tips
- SHA-256 is the right choice for most scenarios. It is fast, deterministic, and produces a fixed-length output that works well as a deduplication key or anonymous identifier.
- Do not use bcrypt or Argon2id for deduplication or matching. These algorithms produce a different hash every time, even for the same input, because they include a random salt.
- MD5 is provided for legacy compatibility only. If you do not have a specific requirement for MD5, use SHA-256 instead.
- Empty values are handled gracefully. If the primary value is empty, the action returns an error rather than hashing an empty string. If the secondary value is empty, only the primary value is hashed.
- The separator matters for consistency. If you change the separator after hashing records, the resulting hashes will differ even if the input values are the same. Pick a separator and keep it consistent.
Thank you for your feedback!
Your input helps us improve our documentation.