No results for ""
EXPAND ALL
  • Home
  • API docs

LaunchDarkly in federal environments

Read time: 4 minutes
Last edited: Oct 29, 2024

Overview

This topic explains how the version of LaunchDarkly that is available on domains controlled by the United States government is different from the version of LaunchDarkly available to the general public. If you are an employee or contractor for a United States federal agency and use LaunchDarkly in your work, you likely use the federal instance of LaunchDarkly. This instance is compliant with the United States government's Federal Risk and Authorization Management Program (FedRAMP).

In order to maintain FedRAMP compliance, LaunchDarkly's federal instance uses enhanced infrastructure and security configurations compared to the generally available instance of LaunchDarkly. Many components that function automatically in the generally available instance instead use encryption, authentication, or require authorization to perform functions in the federal instance. In addition, third-party components that are federally compliant, such as AWS and Datadog, have policies and agents enabled to maintain compliance when connecting to LaunchDarkly.

The federal version of this docs site

You can view a federal instance-specific version of this documentation site.

The federal version of the docs site is different from the standard version in the following ways:

  • Federal instance URLs display with .us URLs, including within code samples. To learn more, read Federal instance URLs.
  • Features and integrations that the federal instance does not support are marked with a warning message. To learn more, read Supported features.

To view the federal instance-specific version of this documentation site, change the site version menu to "Federal docs":

The site version menu with "Federal docs" selected.
The site version menu with "Federal docs" selected.

Features available in the federal instance

The LaunchDarkly federal instance has near-parity with the generally available LaunchDarkly instance. There are some exceptions, which are explained below.

Supported features

The federal instance supports the following features:

The federal instance does not support the following features:

Supported integrations

Integrations connect LaunchDarkly to other systems and move data between them. However, not all of the following connected systems are FedRAMP-authorized, so you may need additional approvals from your FedRAMP sponsor to use them. It is your responsibility as a LaunchDarkly customer to ensure that any systems you connect to LaunchDarkly are authorized appropriately.

The federal instance supports the following integrations:

The federal instance does not support any other LaunchDarkly integrations.

Federal instance URLs

The federal instance, including the LaunchDarkly application, the federal instance API, and some SDK initialization option settings, does not use the standard .com URL path. Instead, it uses the US government's .us URL path. If application or network layer firewalls are in use on your network, they will need to allowlist these URLs for LaunchDarkly to function properly.

These URLs include:

  • https://app.launchdarkly.us
  • https://clientsdk.launchdarkly.us
  • https://clientstream.launchdarkly.us
  • https://events.launchdarkly.us
  • https://sdk.launchdarkly.us
  • https://stream.launchdarkly.us

Initialize an SDK for the federal instance

You can initialize an SDK for the federal instance using the initialization options for the SDK.

Depending on the SDK, you may need to configure multiple service endpoints in the initialization options. These could include the base and polling endpoint, streaming endpoint, and events endpoint. Server-side SDKs normally require streaming and events settings, not polling. For a list of available service endpoints, read Federal instance URLs.

The details of how to set these options differ between SDKs, as LaunchDarkly respects each language's URI and URL naming conventions and supported services. For this reason, it is critical to reference the documentation for each individual SDK.

Configure your SDK: Service endpoint configuration

Use open-source LaunchDarkly components with FIPS 140-2 encryption

If you are using the LaunchDarkly Relay Proxy or code references, you may need to take additional steps to ensure these components are using FIPS 140-2 validated encryption modules. The LaunchDarkly federal instance uses FIPS 140-2 validated encryption modules in all applicable places. To learn more, read LaunchDarkly in environments requiring FIPS 140-2 validated encryption modules.