LaunchDarkly Personal Token
Description
General
- Documentation: https://docs.launchdarkly.com/home/account/api
- Summary: LaunchDarkly offers a SaaS to manage feature flags in the lifecycle of a project. Users can interact with their workspace via a REST API. This detector aims at catching personal access tokens used to authenticate to this API.
- IPs allowlist: This feature is not mentioned in the API documentation.
- Scopes: Personal access tokens can have three types of roles: reader, writer or admin. More recently fine-grained access tokens have been available on the platform.
Revoke the secret
To revoke the API key, go to the authorization section of the concerned account settings.
Check for suspicious activity
The last usage date is displayed in the same authorization section.
Details for LaunchDarkly Personal Token
-
Family: token
-
Category: ci_cd
-
Company: LaunchDarkly
-
High recall: True
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: False
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 0.08
-
Prefixed: True
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- api-
Examples
- text: |
"key": "LD-Key
"value": "api-44404887-8a6d-426e-9e81-27b1f6222222"
apikey: api-44404887-8a6d-426e-9e81-27b1f6222222
