Secret specific to an app instance or installation

To support Forge data residency, I need to stop sending accountId to my analytics system outside of Forge (aka a remote), and instead send an anonymous value unique for each user. And to help with the anonymization, the hash should be unique for a specific user and a specific installation of my app. Aka user Alice should have a different hash on https://company1.atlassian.net and https://company2.atlassian.net.

To do this, I could use the cloudId as a salt of my hash function, but it is public, so that is a very bad salt.

The other values I could find are the localId, which seems to contain the appId and the envId. Are those values public?

Is there any other value that I could use for my salt, which is known only to an installation of my app?

Or should I inject a salt as a secret env variable in my app, and then do something like:

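import { createHash } from "node:crypto";

// Hash algorithm assumed here; the snippet as posted never created the hash object.
const hash = createHash("sha256");
// localId and accountId are assumed to be in scope already.
hash.update(process.env.MY_SECRET_SALT + localId + accountId);
const userHash = hash.digest('base64');
console.log({ userHash });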

The other solution I have in mind is to generate a secret during the app installation event, and store it in Forge storage. But that requires an extra call to Forge storage, which is slow, for any analytics event.
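An added example, not part of the original post: one way to build the secret-env-variable option with HMAC-SHA256 and length-prefixed fields instead of plain string concatenation, so different (installation, user) pairs can never feed the same bytes into the hash. The names `DEMO_SECRET`, `encodeFields`, `installationKey`, `pseudonymizeUser` and all identifier values are hypothetical; `installationId` stands for whichever per-installation identifier the app uses.

```javascript
// CommonJS require so the snippet runs stand-alone; the post's ESM import works the same way.
const { createHash, createHmac } = require("node:crypto");

// Constructed demo value. In the app this would be the secret env variable from the post.
const DEMO_SECRET = "constructed-demo-secret";

// Length-prefix each field so ("ab", "c") and ("a", "bc") encode to different bytes.
function encodeFields(fields) {
  return Buffer.concat(
    fields.flatMap((field) => {
      const bytes = Buffer.from(field, "utf8");
      const length = Buffer.alloc(4);
      length.writeUInt32BE(bytes.length);
      return [length, bytes];
    })
  );
}

// Plain concatenation, as in the post's sketch, kept only for comparison.
function concatHash(secret, installationId, accountId) {
  return createHash("sha256").update(secret + installationId + accountId).digest("base64url");
}

// Step 1: derive a per-installation key from the app-wide secret.
function installationKey(secret, installationId) {
  return createHmac("sha256", secret)
    .update(encodeFields(["installation", installationId]))
    .digest();
}

// Step 2: key the user pseudonym with that installation key.
function pseudonymizeUser(secret, installationId, accountId) {
  return createHmac("sha256", installationKey(secret, installationId))
    .update(encodeFields(["user", accountId]))
    .digest("base64url");
}

// Constructed sample identifiers, not real Atlassian values.
const alice = "account-alice";
const onCompany1 = pseudonymizeUser(DEMO_SECRET, "install-company1", alice);
const onCompany2 = pseudonymizeUser(DEMO_SECRET, "install-company2", alice);
console.log({ onCompany1, onCompany2, distinct: onCompany1 !== onCompany2 });
```

Because the installation key is derived in memory from the secret, this variant needs no Forge storage call per analytics event.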