For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Sign inTry it free
DocsGuidesSDKsIntegrationsAPI docsTutorialsFlagship blog
DocsGuidesSDKsIntegrationsAPI docsTutorialsFlagship blog
  • Get started
    • Overview
    • Onboarding
    • Get started
    • Launch Insights
    • LaunchDarkly architecture
    • LaunchDarkly vocabulary
  • AgentControl
    • AgentControl
    • Manage AgentControl
  • Feature flags
    • Create flags
    • Target with flags
    • Flag templates
    • Manage flags
    • Code references
    • Contexts
    • Segments
  • Releases
    • Releasing features with LaunchDarkly
    • Release policies
    • Percentage rollouts
    • Progressive rollouts
    • Guarded rollouts
    • Feature monitoring
    • Release pipelines
    • Engineering insights
    • Release management tools
    • Applications and app versions
    • Change history
    • Restoring previous flag versions
  • Observability
    • Observability
    • Session replay
    • Error monitoring
    • Logs
    • Traces
    • Observability metrics
    • Product analytics events
    • LLM observability
    • Alerts
    • Dashboards
    • Service map
    • Vega for auto-remediation
    • Observability MCP server
    • Search specification
    • Observability settings
    • Observability integrations
  • Experimentation
    • Experimentation
    • Experiment metric types
    • Experiment configuration
    • Managing experiments
    • Analyzing experiments
    • Multi-armed bandits
    • Holdouts
  • Metrics and events
    • Metrics in LaunchDarkly
    • Creating metrics
    • Metric groups
    • Events
    • Autogenerated metrics
  • Warehouse native
    • Warehouse native metrics
    • Setting up external warehouses
    • Creating experiments using warehouse native metrics
  • Infrastructure
    • Connect apps and services to LaunchDarkly
    • LaunchDarkly in China and Pakistan
    • LaunchDarkly in the European Union (EU)
    • LaunchDarkly in federal environments
      • LaunchDarkly in environments requiring FIPS 140-2 validated encryption modules
    • Public IP list
  • Your account
    • Projects
    • Views
    • Environments
    • Tags
    • Teams
    • Members
    • Roles
    • Account security
    • Feature previews
    • Billing and usage
    • Changelog
Sign inTry it free
LogoLogo
On this page
  • Overview
  • SDKs
  • Relay Proxy
  • Verification
  • Code references
InfrastructureLaunchDarkly in federal environments

LaunchDarkly in environments requiring FIPS 140-2 validated encryption modules

Was this page helpful?
Previous

Public IP list

Next
Built with

Overview

In some customer environments, notably those serving the US government community, there may be compliance requirements to use FIPS 140-2 validated encryption modules. This topic explains how customers can use LaunchDarkly in environments that require that all data is encrypted in transit using FIPS 140-2 validated encryption modules.

To comply with these requirements, customers must:

  • Use the LaunchDarkly federal environment.
  • Use FIPS 140-2 validated encryption modules for any data transmission. One such module is BoringCrypto. It is a fork of OpenSSL that is maintained by Google, and allows for Golang applications to use FIPS 140-2 validated encryption, in place of the standard Golang crypto libraries.
Complying with regulatory requirements is the customer's responsibility

While this topic guides you in meeting your compliance needs, it is up to you to ensure that your encryption practices are documented in your SSP and are reviewed by your auditors, to ensure they are applicable and sufficient to your particular needs.

SDKs

Because the LaunchDarkly SDKs are bundled into your applications, they should inherit the encryption modules used by your application.

For example, in Golang, you can use the boringcrypto experiment flag when building your Go (1.19+) code. The Relay Proxy is a great example of such an application, written in Go, using the LaunchDarkly Go SDK.

Relay Proxy

To build the LaunchDarkly Relay Proxy using BoringCrypto, run:

Shell
$GOEXPERIMENT=boringcrypto go build .

Use this instead of running make or go build . to build the Relay Proxy with FIPS 140-2 encryption.

Verification

To verify that a Go binary was indeed built with BoringCrypto, there are two methods you can use.

One method is to call go version and check the Experiments list. For example, here’s how to check a binary called ld-relay:

Shell
$    $ go version ld-relay
$    ld-relay: go1.19 X:boringcrypto

The X:boringcrypto indicates that this binary includes the FIPS 140-2 validated encryption modules.

The other method is to examine the symbol table in the binary, looking for BoringCrypto symbols:

Shell
$$ go tool nm ld-relay | grep _Cfunc__goboringcrypto_

If this command returns results and a 0 exit code, then the binary includes the FIPS 140-2 validated encryption modules.

Code references

If you are using code references you will need to build the ld-find-code-refs binary similarly.