• Home
  • Integrations
  • SDKs
  • Guides
  • API docs
No results for ""
EXPAND ALL

EDIT ON GITHUB

LaunchDarkly in federal environments

Read time: 2 minutes
Last edited: May 20, 2022

Overview

This topic explains how the version of LaunchDarkly that is available on domains controlled by the United States government is different from the version of LaunchDarkly available to the general public. If you are an employee or contractor for a United States federal agency and use LaunchDarkly in your work, you likely use the federal instance of LaunchDarkly. This instance is compliant with the United States government's Federal Risk and Authorization Management Program (FedRAMP).

In order to maintain FedRAMP compliance, LaunchDarkly's federal instance uses enhanced infrastructure and security configurations compared to the generally available instance of LaunchDarkly. Many components that function automatically in the generally available instance instead use encryption, authentication, or require authorization to perform functions in the federal instance. In addition, third-party components that are federally compliant, such as AWS and Datadog, have policies and agents enabled to maintain compliance when connecting to LaunchDarkly.

Understanding which features are available to the federal instance

The LaunchDarkly federal instance has near-parity with the generally available LaunchDarkly instance. There are some exceptions, which are explained below.

The federal instance includes:

  • Core flagging features through the LaunchDarkly application and API
  • Code references, if the ld-find-code-refs utility is compiled with FIPS 140-2 support
  • Customer metrics
  • Data Export to Azure Event Hubs and Amazon Kinesis destinations
  • Experimentation
  • The Relay Proxy
  • SDKs

Understanding federal instance URLs

The federal instance does not use the common ".com" URL path. Instead, it uses the US government's path: ".us." When you navigate to LaunchDarkly federal application, use the federal instance API, or initialize your SDK to the federal instance, you must replace the generally available ".com" URLs with URLs that end in ".us."

If application or network layer firewalls are in use on your network, they will need to allowlist these URLs for LaunchDarkly to function properly.

For example:

Initializing an SDK for the federal instance

You can initialize an SDK for the federal instance using the initialization "options" settings for the SDK. You can also find configuration options in the generated API reference for each SDK. Depending on the SDK, it may require you to configure multiple service endpoints in the initialization options. These could include the base and polling endpoint, streaming endpoint, and an events endpoint. For an example of the initialization options for Node.js, read Node.js SDK reference (client-side).

The option key value pair names may differ between SDKs, as LaunchDarkly respects each language's URI and URL naming conventions and supported services. For this reason, it is critical to reference the documentation for each individual SDK.

Here is an example for the React SDK:

async () => {
// Set clientSideID to your own Client-side ID. You can find this in
// the LaunchDarkly app under Account settings / Projects
const LDProvider = await asyncWithLDProvider({
clientSideID: 'your-client-side-ID-here',
user: {
"key":"samplekey", "name":"First Last", "email":"example@yourdomain.com"
},
options: {
baseUrl:"https://sdk.launchdarkly.us",
streamUrl:"https://clientstream.launchdarkly.us",
eventsUrl:"https://events.launchdarkly.us"
},
deferInitialization: false
});

Server-side SDKs normally require streaming and events settings, not polling.

Here is an example for the Java SDK:

LDConfig config = new LDConfig.Builder()
.dataSource(Components.streamingDataSource()
.baseURI(URI.create("https://stream.launchdarkly.us"))
.events(Components.sendEvents()
.baseURI(URI.create("https://events.launchdarkly.us"))
.build();

For additional language syntax examples for setting configuration options, read Using proxy mode. To use the examples, change the Relay Proxy URL to the respective federal instance URLs. For a list of available service endpoints, read Understanding federal instance URLs.

Understanding which features have minimal support or are unsupported

FedRAMP-compliant integrations are available on the federal instance of LaunchDarkly. This is because integrations connect LaunchDarkly to other systems and move data between them, so connected systems must also be FedRAMP-compliant.

The federal instance supports the following integrations:

The federal instance does not include: