LaunchDarkly Personal Token

Bridgecrew Policy ID: BC_GIT_52
Chekov Check ID: CKV_SECRET_52
Severity: LOW

LaunchDarkly Personal Token

Description

In LaunchDarkly, all REST API resources are authenticated with either personal or service access tokens, or session cookies. Other authentication mechanisms are not supported. You can manage personal access tokens on your Account settings page. You can configure a personal access token to have the same permissions that you do, or more restrictive permissions. Your personal tokens can never do more than you can in LaunchDarkly. Use a personal token when you want to access the LaunchDarkly API for your temporary or personal use.

Fix - Buildtime

LaunchDarkly

  1. Navigate to the Account settings page.
  2. Click into the Authorization tab.
  3. Find your token in the "Access tokens" section.
  4. Click the overflow menu for the token and select from the menu:
    "Delete token": Deletes the access token. If you delete a token, API calls made with that token return 401 Unauthorized status codes.

You can also use the REST API: Delete access token

curl -i -X DELETE \
  'https://app.launchdarkly.com/api/v2/tokens/{id}' \
  -H 'Authorization: YOUR_API_KEY_HERE'