LaunchDarkly Personal Token
- Documentation: https://apidocs.launchdarkly.com/reference
- Summary: LaunchDarkly offers a SaaS to manage feature flags in the lifecycle of a project. Users can interact with their workspace via a REST API. This detector aims at catching personal access tokens used to authenticate to this API.
- IPs allowlist: This feature is not mentioned in the API documentation.
- Scopes: Personal access token can have three types of role: reader, writer or admin.
#Revoke the secret
To revoke the API key, go to the authorization section of the concerned account settings.
#Check for suspicious activity
The last usage date is displayed in the same authorization section.
Launch darkly personal token#
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.08
- type: ContentWhitelistPreValidator patterns: - api-
- text: | "key": "LD-Key "value": "api-44404887-8a6d-426e-9e81-27b1f6222222" apikey: api-44404887-8a6d-426e-9e81-27b1f6222222