SDK credentials

Overview

This topic explains how to view and copy SDK credentials and environment keys.

SDK credentials include the SDK key, mobile key, and client-side ID. You need one of these credentials when you set up your SDK. Which credential you need depends on which SDK you use:

• SDK keys: Use with server-side and AI SDKs. SDK keys should be kept secret. If an SDK key is exposed, you can rotate it. SDK keys always start with the prefix sdk-.
• Mobile keys: Use with client-side SDKs designed for mobile. Mobile keys do not need to be kept secret. However, if you wish to rotate a mobile key, you can. Mobile keys always start with the prefix mob-.
• Client-side IDs: Use with JavaScript-based client-side SDKs and edge SDKs. The client-side ID does not need to be kept secret and cannot be rotated. Client-side IDs are alphanumeric, and do not contain dashes.

To learn more about different SDK key types, read About the different types of SDKs and Keys.

You can view, copy, and reset SDK credentials from the SDK keys page under Settings.

View or copy SDK credentials

To view or copy an SDK key, mobile key, or client-side ID:

1. Click the gear icon in the left sidenav to view Organization settings.
2. Click SDK keys. The “SDK keys” page opens.
3. Using the dropdown menus, search for and select the project and environment for which you want to view or copy a credential.
4. (Optional) To reveal an SDK key, click the eye icon.
5. Click the clipboard icon to copy a credential to your clipboard.

Rotate SDK credentials

If you need to reset an SDK key or mobile key, you can first create a new key, and then delete the old key after you have fully moved your application to the new key. You can also set an expiry on a key at any time, as long as there is at least one active server-side and one active mobile key associated with the environment at all times.

Best practices for rotating SDK keys

There is no need to rotate client-side IDs or mobile keys, because they do not need to be kept secret.

You may want to rotate SDK keys in the following situations:

• If the SDK key is exposed: If your SDK key has been exposed publicly, you should create a new SDK key and move your applications to it as soon as possible.
• On a regular cadence: It’s good practice to rotate your SDK keys on a regular cadence, in case they are exposed publicly without your awareness.

To rotate your keys, we recommend the following steps:

• Conduct an inventory of all places where they key is used, such as apps, services, Kubernetes secrets, CI/CD tools, and the Relay Proxy.
• Create a new SDK key.
• Optionally set an expiration date for the old key.
• Update all apps, services, secrets, and tools with the new key. As long as the old key has not been deleted and has not expired, both the old and new keys will work.
  • If you manually configure the Relay Proxy, update the relay config with the new key and restart the relay so it re-authenticates.
  • If you use the Relay Proxy’s automatic configuration feature, it will learn new keys automatically and no manual restart is required.
• Verify that your apps are successfully connecting to LaunchDarkly.
• Delete the old key, or let the expiration date pass.

After the old key is deleted or expired, any SDKs still using it will fail authentication and feature flag evaluations will return fallback values defined in your code.

Multiple SDK credentials for multiple applications

If you are managing multiple applications within the same environment, you can generate and manage distinct SDK credentials for each application. This helps reduce the risk and impact if an SDK key is accidentally exposed.

If you need to move your application to a new SDK key, we recommend creating the new SDK key, updating your application, and deleting the old SDK key only after you have confirmed you no longer need it.

Create SDK credentials

To create a new SDK key or mobile key:

1. Click the gear icon in the left sidenav to view Organization settings.
2. Click SDK keys. The “SDK keys” page opens.
3. Using the dropdown menus, search for and select your project and environment.
4. Click New SDK key or New mobile key.

You cannot create new client-side IDs.

Delete SDK keys

Before you delete an SDK key, ensure that none of your applications use the key.

To delete an old SDK key or mobile key:

1. Click the gear icon in the left sidenav to view Organization settings.
2. Click SDK keys. The “SDK keys” page opens.
3. Using the dropdown menus, search for and select your project and environment.
4. Click the three-dot overflow menu next to the SDK key or mobile key you want to delete.
5. Select Delete key.
6. Enter the environment name to Confirm.
7. Click Delete key.

You cannot delete client-side IDs.

Set expiration dates for SDK keys

If you know that you will need an SDK key or mobile key for a limited amount of time, you can set a date for the SDK key to automatically expire. Here’s how:

1. Click the gear icon in the left sidenav to view Organization settings.
2. Click SDK keys. The “SDK keys” page opens.
3. Using the dropdown menus, search for and select the project and environment for which you want to set an expiration date.
4. Click the three-dot overflow menu next to the SDK key or mobile key you want to set an expiration date for.
5. Select Set expiration.
6. Enter an Expiration date and time.
7. Enter the environment name to Confirm.

You cannot set expiration dates for client-side IDs.

View expired SDK keys

To view an expired SDK key:

1. Click the gear icon in the left sidenav to view Organization settings.
2. Click SDK keys. The “SDK keys” page opens.
3. Using the dropdown menus, search for and select the project and environment for which you want to view an expired key.
4. Click N expired SDK keys. A new section appears.
5. To reveal an SDK key, click the eye icon.