turbot/launchdarkly
steampipe plugin install launchdarkly

Table: launchdarkly_access_token - Query LaunchDarkly Access Tokens using SQL

LaunchDarkly is a feature management platform that enables teams to safely deliver and control software through feature flags. Access Tokens in LaunchDarkly are used to authenticate API calls. They can be scoped to provide either global or project-specific access.

Table Usage Guide

The launchdarkly_access_token table provides insights into access tokens within LaunchDarkly's feature management platform. As a developer or security analyst, explore token-specific details through this table, including scopes, projects, and associated metadata. Utilize it to uncover information about tokens, such as those with global access, the projects associated with each token, and the verification of token activities.

Examples

Basic info

Explore the creation and last usage dates, along with the owner and role details, of access tokens to help manage their lifecycle and maintain security.Discover the segments that have been recently used in the LaunchDarkly platform. This allows for an assessment of user activity and role assignment, which can be helpful in understanding platform usage patterns and managing access control.

select
name,
id,
creation_date,
owner_id,
role,
last_used
from
launchdarkly_access_token;
select
name,
id,
creation_date,
owner_id,
role,
last_used
from
launchdarkly_access_token;

List of access tokens with their member information and date of creation

Explore which access tokens are associated with specific members and when they were created. This is useful for auditing purposes, enabling you to track access and identify any potential security risks.Explore the relationship between access tokens and their associated member information, including their unique identifiers and roles. This can be useful for understanding user activity and permissions, as well as tracking the creation dates of these tokens for security or auditing purposes.

select
name,
id,
member ->> '_id' as member_id,
member ->> 'email' as member_email_id,
(member ->> 'firstName') || ' ' || (member ->> 'lastName') as member_name,
member ->> 'role' as member_role,
creation_date
from
launchdarkly_access_token;
select
name,
id,
json_extract(member.value, '$._id') as member_id,
json_extract(member.value, '$.email') as member_email_id,
(
json_extract(member.value, '$.firstName') || ' ' || json_extract(member.value, '$.lastName')
) as member_name,
json_extract(member.value, '$.role') as member_role,
creation_date
from
launchdarkly_access_token,
json_each(launchdarkly_access_token.member) as member;

List the access tokens that have been created in the last 30 days

Discover the access tokens that have been recently created to understand any potential security risks or unusual activity. This can be useful in maintaining the security of your system by identifying any unauthorized or unexpected tokens.Discover the access tokens that were generated in the past month. This can help you monitor recent activity and manage access control effectively.

select
name,
id,
creation_date,
owner_id,
role
from
launchdarkly_access_token
where
creation_date >= now() - interval '30' day;
select
name,
id,
creation_date,
owner_id,
role
from
launchdarkly_access_token
where
creation_date >= date('now', '-30 day');

List the access tokens which haven't been used in the last 30 days

Explore which access tokens have been inactive for the past 30 days. This can help in identifying unused or potentially expired tokens, aiding in system clean-up and security measures.Explore which access tokens have remained inactive for the past 30 days. This can be useful for identifying potential security risks or cleaning up unused resources.

select
id,
name,
last_used
from
launchdarkly_access_token
where
last_used <= now() - interval '30' day;
select
id,
name,
last_used
from
launchdarkly_access_token
where
last_used <= datetime('now', '-30 day');

Access key count by member name

Determine the number of access keys associated with each member in your LaunchDarkly system. This can help manage and monitor user permissions and security within your organization.Analyze the number of access keys associated with each member to understand their level of system access. This could be useful for auditing purposes or to identify potential security risks.

select
(member ->> '_id') as member_id,
(member ->> 'firstName') || ' ' || (member ->> 'lastName') as member_name,
count (id) as access_key_count
from
launchdarkly_access_token
group by
member,
(member ->> '_id');
select
json_extract(member.value, '$._id') as member_id,
json_extract(member.value, '$.firstName') || ' ' || json_extract(member.value, '$.lastName') as member_name,
count (id) as access_key_count
from
launchdarkly_access_token,
json_each(member)
group by
member.value,
json_extract(member.value, '$._id');

Get the details of access tokens with read-only permission

Explore which access tokens have read-only permissions to understand their usage and ownership details. This can help in maintaining security by ensuring that unauthorized changes aren't being made.Explore which access tokens have been assigned read-only permissions to understand their usage and ownership. This could be useful for auditing purposes, ensuring that only appropriate users have read-only access and identifying any potential security risks.

select
name,
id,
creation_date,
owner_id,
role,
last_used
from
launchdarkly_access_token
where
role = 'reader';
select
name,
id,
creation_date,
owner_id,
role,
last_used
from
launchdarkly_access_token
where
role = 'reader';

Schema for launchdarkly_access_token

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
creation_datetimestamp with time zoneCreation date of the access token.
custom_role_idsjsonbA list of custom role IDs to use as access limits for the access token.
default_api_versionbigintThe default API version for this token.
descriptiontextA description for the access token.
idtext=A unique identifier of the access token.
inline_rolejsonbAn array of policy statements, with three attributes: effect, resources, actions. May be used in place of a built-in or custom role.
last_modifiedtimestamp with time zoneLast modified date of the access token.
last_usedtimestamp with time zoneDate and time when the access token was last used.
linksjsonbThe location and content type of related resources.
memberjsonbSummary of the member like email, first name, last name etc.
member_idtextA unique identifier of the member of the organization.
nametextThe name of the access token.
owner_idtextA unique identifier of the owner of the organization.
roletextBuilt-in role for the token.
service_tokenbooleanWhether this is a service token or a personal token.
titletextTitle of the resource.
tokentextThe token value. When creating or resetting, contains the entire token value. Otherwise, contains the last four characters.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- launchdarkly

You can pass the configuration to the command with the --config argument:

steampipe_export_launchdarkly --config '<your_config>' launchdarkly_access_token