Skip to main content

LaunchDarkly Personal Token

Description#

General#

  • Documentation: https://apidocs.launchdarkly.com/reference
  • Summary: LaunchDarkly offers a SaaS to manage feature flags in the lifecycle of a project. Users can interact with their workspace via a REST API. This detector aims at catching personal access tokens used to authenticate to this API.
  • IPs allowlist: This feature is not mentioned in the API documentation.
  • Scopes: Personal access token can have three types of role : reader, writer or admin.

Revoke the secret#

To revoke the api key, go to the authorization section of the concerned account settings.

Check for suspicious activity#

The last usage date is displayed in the same authorization section.

Details for Launch darkly personal token#

  • Category: Development tool

  • Company: LaunchDarkly

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.08

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - api-

Examples#

- text: |    "key": "LD-Key    "value": "api-44404887-8a6d-426e-9e81-27b1f6222222"  apikey: api-44404887-8a6d-426e-9e81-27b1f6222222