Skip to main content

LaunchDarkly Personal Token



  • Documentation:
  • Summary: LaunchDarkly offers a SaaS to manage feature flags in the lifecycle of a project. Users can interact with their workspace via a REST API. This detector aims at catching personal access tokens used to authenticate to this API.
  • IPs allowlist: This feature is not mentioned in the API documentation.
  • Scopes: Personal access token can have three types of role: reader, writer or admin.

Revoke the secret#

To revoke the API key, go to the authorization section of the concerned account settings.

Check for suspicious activity#

The last usage date is displayed in the same authorization section.

Details for Launch darkly personal token#

  • Family: Api

  • Category: CI/CD

  • Company: LaunchDarkly

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.08

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - api-


- text: |    "key": "LD-Key    "value": "api-44404887-8a6d-426e-9e81-27b1f6222222"  apikey: api-44404887-8a6d-426e-9e81-27b1f6222222