Skip to content

LaunchDarkly API Key

Service Name: LaunchDarkly

Service Description: LaunchDarkly is a feature management platform that enables development teams to safely deliver and control software through feature flags. It allows teams to separate code deployments from feature releases, test features before releasing them, and target specific users or segments.

Service Address: https://launchdarkly.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through LaunchDarkly's Access Management settings.

Secret Access Scope: Grants programmatic access to LaunchDarkly's API, allowing management of feature flags, environments, projects, and other resources depending on the key's permissions.

Secret Revokement URL: https://app.launchdarkly.com/settings/authorization/tokens

Secret Example: api-12345abcde-67890fghij-klmno

Suspicious Activity Investigation Instructions:

  • Review LaunchDarkly audit logs for unusual API calls or flag changes
  • Check for unexpected feature flag modifications or environment changes
  • Monitor for unauthorized project access or new flag creations
  • Review API usage patterns for abnormal request volumes or patterns
  • Check for flag targeting changes that may affect production environments

Mitigation Instructions:

  • Log in to your LaunchDarkly account at https://app.launchdarkly.com

  • Navigate to Account settings > Authorization > Access tokens

  • Locate the compromised API key
  • Click the delete button (trash icon) next to the token
  • Confirm deletion when prompted
  • Create a new API key with appropriate permissions if needed
  • Update all legitimate applications and services with the new key
  • Review audit logs to understand the scope of potential compromise
  • Check for any unauthorized changes to feature flags or environments