• Home
  • Integrations
  • SDKs
  • Guides
  • API docs
    No results for ""
    EXPAND ALL

    EDIT ON GITHUB

    LaunchDarkly in federal environments

    Read time: 3 minutes
    Last edited: Oct 31, 2022

    Overview

    This topic explains how the version of LaunchDarkly that is available on domains controlled by the United States government is different from the version of LaunchDarkly available to the general public. If you are an employee or contractor for a United States federal agency and use LaunchDarkly in your work, you likely use the federal instance of LaunchDarkly. This instance is compliant with the United States government's Federal Risk and Authorization Management Program (FedRAMP).

    In order to maintain FedRAMP compliance, LaunchDarkly's federal instance uses enhanced infrastructure and security configurations compared to the generally available instance of LaunchDarkly. Many components that function automatically in the generally available instance instead use encryption, authentication, or require authorization to perform functions in the federal instance. In addition, third-party components that are federally compliant, such as AWS and Datadog, have policies and agents enabled to maintain compliance when connecting to LaunchDarkly.

    Using the federal version of this docs site

    You can view a federal instance-specific version of this documentation site.

    The federal version of the docs site is different from the standard version in the following ways:

    • Federal instance URLs display with.us URLs, including within code samples. To learn more, read Understanding federal instance URLs.
    • Features and integrations that the federal instance does not support are marked with a warning message. To learn more, read Supported features.

    To view the federal instance-specific version of this documentation site, change the site version menu to "Federal docs":

    The site version menu with "Federal docs" selected.
    The site version menu with "Federal docs" selected.

    Understanding which features are available in the federal instance

    The LaunchDarkly federal instance has near-parity with the generally available LaunchDarkly instance. There are some exceptions, which are explained below.

    Supported features

    The federal instance supports the following features:

    The federal instance does not support the following features:

    Supported integrations

    Only FedRAMP-compliant integrations are available on the federal instance of LaunchDarkly. Integrations connect LaunchDarkly to other systems and move data between them, so connected systems must also be FedRAMP-compliant.

    The federal instance supports the following integrations:

    The federal instance does not support any other LaunchDarkly integrations.

    Understanding federal instance URLs

    The federal instance, including the LaunchDarkly application, the federal instance API, and some SDK initialization option settings, does not use the standard .com URL path. Instead, it uses the US government's .us URL path. If application or network layer firewalls are in use on your network, they will need to allowlist these URLs for LaunchDarkly to function properly.

    These URLs include:

    Initializing an SDK for the federal instance

    You can initialize an SDK for the federal instance using the initialization options for the SDK.

    Depending on the SDK, you may need to configure multiple service endpoints in the initialization options. These could include the base and polling endpoint, streaming endpoint, and events endpoint. Server-side SDKs normally require streaming and events settings, not polling. For a list of available service endpoints, read Understanding federal instance URLs.

    The details of how to set these options differ between SDKs, as LaunchDarkly respects each language's URI and URL naming conventions and supported services. For this reason, it is critical to reference the documentation for each individual SDK. To learn how, read Service endpoint configuration.

    Using open-source LaunchDarkly components with FIPS 140-2 encryption

    If you are using the LaunchDarkly Relay Proxy or code references, you may need to take additional steps to ensure these components are using FIPS 140-2 validated encryption modules. The LaunchDarkly federal instance uses FIPS 140-2 validated encryption modules in all applicable places. To learn more, read LaunchDarkly in environments requiring FIPS 140-2 validated encryption modules.