LaunchDarkly in federal environments
Read time: 3 minutes
Last edited: Feb 27, 2023
This topic explains how the version of LaunchDarkly that is available on domains controlled by the United States government is different from the version of LaunchDarkly available to the general public. If you are an employee or contractor for a United States federal agency and use LaunchDarkly in your work, you likely use the federal instance of LaunchDarkly. This instance is compliant with the United States government's Federal Risk and Authorization Management Program (FedRAMP).
In order to maintain FedRAMP compliance, LaunchDarkly's federal instance uses enhanced infrastructure and security configurations compared to the generally available instance of LaunchDarkly. Many components that function automatically in the generally available instance instead use encryption, authentication, or require authorization to perform functions in the federal instance. In addition, third-party components that are federally compliant, such as AWS and Datadog, have policies and agents enabled to maintain compliance when connecting to LaunchDarkly.
Using the federal version of this docs site
You can view a federal instance-specific version of this documentation site.
The federal version of the docs site is different from the standard version in the following ways:
- Federal instance URLs display with
.usURLs, including within code samples. To learn more, read Understanding federal instance URLs.
- Features and integrations that the federal instance does not support are marked with a warning message. To learn more, read Supported features.
To view the federal instance-specific version of this documentation site, change the site version menu to "Federal docs":
Understanding which features are available in the federal instance
The LaunchDarkly federal instance has near-parity with the generally available LaunchDarkly instance. There are some exceptions, which are explained below.
The federal instance supports the following features:
- Core flagging features through the LaunchDarkly application and API
- Code references, if the
ld-find-code-refsutility is compiled with FIPS 140-2 support
- Customer metrics
- Data Export to Azure Event Hubs and Amazon Kinesis destinations
- The Relay Proxy
The federal instance does not support the following features:
- Live events
- The Roku SDK
- The flag Insights tab
- Inbox notifications for approval requests
- The Billing tab
- Certain areas of the Usage tab
Only FedRAMP-compliant integrations are available on the federal instance of LaunchDarkly. Integrations connect LaunchDarkly to other systems and move data between them, so connected systems must also be FedRAMP-compliant.
The federal instance supports the following integrations:
The federal instance does not support any other LaunchDarkly integrations.
Understanding federal instance URLs
The federal instance, including the LaunchDarkly application, the federal instance API, and some SDK initialization option settings, does not use the standard
.com URL path. Instead, it uses the US government's
.us URL path. If application or network layer firewalls are in use on your network, they will need to allowlist these URLs for LaunchDarkly to function properly.
These URLs include:
Initializing an SDK for the federal instance
You can initialize an SDK for the federal instance using the initialization options for the SDK.
Depending on the SDK, you may need to configure multiple service endpoints in the initialization options. These could include the base and polling endpoint, streaming endpoint, and events endpoint. Server-side SDKs normally require streaming and events settings, not polling. For a list of available service endpoints, read Understanding federal instance URLs.
The details of how to set these options differ between SDKs, as LaunchDarkly respects each language's URI and URL naming conventions and supported services. For this reason, it is critical to reference the documentation for each individual SDK. To learn how, read Service endpoint configuration.
Using open-source LaunchDarkly components with FIPS 140-2 encryption
If you are using the LaunchDarkly Relay Proxy or code references, you may need to take additional steps to ensure these components are using FIPS 140-2 validated encryption modules. The LaunchDarkly federal instance uses FIPS 140-2 validated encryption modules in all applicable places. To learn more, read LaunchDarkly in environments requiring FIPS 140-2 validated encryption modules.