For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
This topic explains how to view and copy SDK credentials and environment keys.
SDK credentials connect your SDKs to LaunchDarkly and determine which environment they connect to. Each environment has three types of credentials, and which one you need depends on which SDK you use:
SDK keys: Use with server-side and AI SDKs. Keep SDK keys secret. If an SDK key is exposed, you can rotate it. SDK keys always start with the prefix sdk-.
Mobile keys: Use with client-side SDKs designed for mobile. Mobile keys do not need to be kept secret, but you can rotate them if needed. Mobile keys always start with the prefix mob-.
Client-side IDs: Use with JavaScript-based client-side SDKs and edge SDKs. Client-side IDs do not need to be kept secret and cannot be rotated. Client-side IDs are alphanumeric and do not contain dashes.
Using ldcli dev-server with client-side SDKs
When you connect a client-side SDK to the ldcli dev-server for local testing, use your project key as the SDK credential and set all service endpoints to http://localhost:8765.
Do not use an SDK key, mobile key, or client-side ID with the dev-server. If you use a client-side ID, the SDK connects to LaunchDarkly instead of the dev-server, which can result in CORS errors.
To learn how to create and manage API access tokens, read API access tokens.
You can view, copy, and reset SDK credentials from the SDK keys page under Settings. Customers on an Enterprise or Guardian plan can use multiple SDK keys and mobile keys at the same time. Customers on other plans can use a single SDK key and a single mobile key per environment.
View or copy SDK credentials
To view or copy an SDK key, mobile key, or client-side ID:
Click the gear icon in the left sidenav to open Organization settings.
Click SDK keys. The “SDK keys” page opens.
Use the dropdown menus to search for and select the project and environment for which you want to view or copy a credential.
To reveal an SDK key, click the eye icon.
Click the clipboard icon to copy a credential to your clipboard.
Enterprise and Guardian plans support using multiple SDK and mobile keys
Customers on an Enterprise or Guardian plan can use multiple SDK keys and multiple mobile keys at the same time. Customers on other plans can use a single SDK key and a single mobile key per environment. To learn more, read about our pricing. To upgrade your plan, contact Sales.
If you need to reset an SDK key or mobile key, you can first create a new key, and then delete the old key after you have fully moved your application to the new key. You can also set an expiry on a key at any time, as long as there is at least one active server-side and one active mobile key associated with the environment at all times.
There is no need to rotate client-side IDs or mobile keys, because they do not need to be kept secret.
You may want to rotate SDK keys in the following situations:
If the SDK key is exposed: If your SDK key has been exposed publicly, you should create a new SDK key and move your applications to it as soon as possible.
On a regular cadence: It’s good practice to rotate your SDK keys on a regular cadence, in case they are exposed publicly without your awareness.
To rotate your keys, we recommend the following steps:
Conduct an inventory of all places where they key is used, such as apps, services, Kubernetes secrets, CI/CD tools, and the Relay Proxy.
Update all apps, services, secrets, and tools with the new key. As long as the old key has not been deleted and has not expired, both the old and new keys will work.
If you manually configure the Relay Proxy, update the relay config with the new key and restart the relay so it re-authenticates.
If you use the Relay Proxy’s automatic configuration feature, it will learn new keys automatically and no manual restart is required.
Verify that your apps are successfully connecting to LaunchDarkly.
Delete the old key, or let the expiration date pass.
After the old key is deleted or expired, any SDKs still using it will fail authentication and feature flag evaluations will return fallback values defined in your code.
Multiple SDK credentials for multiple applications
If you are managing multiple applications within the same environment, you can generate and manage distinct SDK credentials for each application. This helps reduce the risk and impact if an SDK key is accidentally exposed.
If you need to move your application to a new SDK key, we recommend creating the new SDK key, updating your application, and deleting the old SDK key only after you have confirmed you no longer need it.
The Relay Proxy must use the default SDK key
If you are using the Relay Proxy, it can only use the default SDK key.
Create SDK credentials
To create a new SDK key or mobile key:
Click the gear icon in the left sidenav to view Organization settings.
Click SDK keys. The “SDK keys” page opens.
Using the dropdown menus, search for and select your project and environment.
If you know that you will need an SDK key or mobile key for a limited amount of time, you can set a date for the SDK key to automatically expire. Here’s how:
Click the gear icon in the left sidenav to view Organization settings.
Click SDK keys. The “SDK keys” page opens.
Using the dropdown menus, search for and select the project and environment for which you want to set an expiration date.
Click the three-dot overflow menu next to the SDK key or mobile key you want to set an expiration date for.
Select Set expiration.
Enter an Expiration date and time.
Enter the environment name to Confirm.
You cannot set expiration dates for client-side IDs.
View expired SDK keys
To view an expired SDK key:
Click the gear icon in the left sidenav to view Organization settings.
Click SDK keys. The “SDK keys” page opens.
Using the dropdown menus, search for and select the project and environment for which you want to view an expired key.
