- Documentation: https://apidocs.launchdarkly.com/reference
- Summary: LaunchDarkly offers a SaaS to manage feature flags in the lifecycle of a project. Users can interact with their workspace via a REST API. This detector aims at catching personal access tokens used to authenticate to this API.
- IPs allowlist: This feature is not mentioned in the API documentation.
- Scopes: Personal access token can have three types of role : reader, writer or admin.
To revoke the api key, go to the authorization section of the concerned account settings.
The last usage date is displayed in the same authorization section.
Launch darkly personal token#
Category: Development tool
High recall: True
Validity check available: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.08
- type: FilenameBanlistPreValidator banlist_extensions: - ^(cs|x|p|s|r)?html5?~?$ - ^[aps]?cssc?~?$ - ^lock$ - ^mdx?~?$ - ^storyboard(c|er)?~?$ - ^xib$ banlist_filenames:  check_binaries: false- type: ContentWhitelistPreValidator patterns: - api-
- text: | "key": "LD-Key "value": "api-44404887-8a6d-426e-9e81-27b1f6222222" apikey: api-44404887-8a6d-426e-9e81-27b1f6222222