LaunchDarkly Personal Token
#
Description#
General- Documentation: https://apidocs.launchdarkly.com/reference
- Summary: LaunchDarkly offers a SaaS to manage feature flags in the lifecycle of a project. Users can interact with their workspace via a REST API. This detector aims at catching personal access tokens used to authenticate to this API.
- IPs allowlist: This feature is not mentioned in the API documentation.
- Scopes: Personal access token can have three types of role: reader, writer or admin.
#
Revoke the secretTo revoke the API key, go to the authorization section of the concerned account settings.
#
Check for suspicious activityThe last usage date is displayed in the same authorization section.
Launch darkly personal token
#
Details for Family: Api
Category: CI/CD
Company: LaunchDarkly
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.08
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator patterns: - api-
#
Examples- text: | "key": "LD-Key "value": "api-44404887-8a6d-426e-9e81-27b1f6222222" apikey: api-44404887-8a6d-426e-9e81-27b1f6222222