04 Apr 2017

We got your RBAC

How LaunchDarkly gives teams granular access and security control for their feature flag management

Enterprise companies take security and privacy very seriously: risk must be mitigated, customer privacy must be protected, and software releases must be controlled.  Feature flags are essential tools to granularly control software releases, but with great power comes great responsibility.  When you have hundreds of stakeholders using a product, you need to make sure that every team member has the exact permissions they need: no more, no less.

Powerful tools demand powerful access controls.  This means that your demoing account executive should not be able to toggle off live production features unless they are explicitly allowed to enable for a customer.  Likewise, your developers should be able to use feature flags in their own environments, but might not have access to disable functionality that customers depend on.

Custom Roles

To make this a reality, LaunchDarkly has built an extremely powerful and granular access control system that we call custom roles.

Custom roles let you control access for every team member and every feature in LaunchDarkly, from a particular flag’s percentage rollout to the ability to toggle a flag on or off.  You can create a role using our custom roles builder.

Here are some possible custom roles:

  • Lock your production environment down to a small set of trusted users
  • Distinguish infrastructure-level feature flags (controlled by your devOps team) from experiments (controlled by product management or marketing)
  • Allow QA members to control feature flags on designated QA environments only
  • Allow your designers to add users to betas
  • Allow sales to turn a feature “on” for a user

Security

Equally essential for security is the ability to prevent nefarious access and brute force attacks.  Companies want to make sure that the platform controlling their feature releases conforms to security best practices.

As such, LaunchDarkly provides multi-factor authentication and session control for all customers.  Multi-factor authentication (MFA) improves the security of your account by requiring a second verification step in addition to your password to login. In LaunchDarkly, you can enable multi-factor authentication for your team’s account, which requires you to enter a verification passcode from a free authenticator application you install on your mobile device.  You can also require all team members to enable MFA before accessing their accounts.

Moreover, LaunchDarkly’s session control offers administrators a set of controls to manage how long users stay logged in to their account, and how often they need to re-authenticate.  This allows admins to take proactive measures when an account is compromised or a laptop is lost, providing full control over LaunchDarkly account access.

Summary

Feature flagging is increasingly becoming central to a company’s software development and release lifecycles.  As part of a company’s critical infrastructure, feature flag management platforms must have enterprise-grade security to ensure that customer data is safe and that every team member has the exact access they need.

26 Jan 2017

Launched: Flag Tagging Management

LaunchDarkly Feature Flag / Feature Toggle Targeting and Management

For better feature flag management, LaunchDarkly allows you to create tags for organizing and grouping your feature flags.  Adding tags (like “Front-End”, “Ops”, “Marketing”, “Restricted”) helps you categorize flags and manage custom permissions.

Here, we have added the tags “mobile”, “marketing”, and “unrestricted” on the Settings tab of our feature flag:

After adding tags, you can filter by tag on the dashboard and link to filters for better feature flag management.

Here, we have clicked on the “marketing” tag, which has created a filter that shows all feature flags tagged “marketing.”

LaunchDarkly Feature Flag Tagging and Management Dashboard

Creating a filter also generates a URL that you can bookmark and share with your teammates.  For example, this URL will show all feature flags tagged “marketing”  https://app.launchdarkly.com/default/production/features?tag=marketing .

In the future, we will add more advanced filtering and sorting for even better flag management.  If you have any suggestions or questions, please feel free to contact us at support@launchdarkly.com

28 Sep 2016

Launched: Enterprise Feature Flag Management

Before using LaunchDarkly, many of our customers were already feature flagging using internal tools or open source products. They used feature flags to mitigate risk, manage releases, and deploy better software, faster. However, they learned that creating a handful of feature flags was easy, but managing them at scale was extremely hard. Flags would go stale, accrue technical debt, and become neglected. It was hard to know who was responsible for maintaining and cleaning up a flag or to know which flags were temporary and which were permanent.

Flags inherently need some form of organization. You can have multiple flags that control different parts of a single feature, flags that control configurations, and flags that should only be managed by certain people. This was very difficult to implement in internal systems.

LaunchDarkly Enterprise Feature Flag Management

 

To improve feature flag management for teams, we’re excited to launch some new management features:  flag maintainer, flag tagging, flag descriptions, and rich flag variations.  These new features complement our existing management tools like flag statuses, custom roles, and the flag dashboard.

You can find most of these new features in the Settings tab of your feature flag.

LaunchDarkly Feature Flag Management Settings

Flag Maintainer

This feature allows you to assign responsible for the flag to any team member. It allows you to know who to contact if a flag needs to be cleaned up or who to contact for help. By default, the maintainer will be the individual who created the flag. You can assign any member of your team as the maintainer for a particular flag.

LaunchDarkly Feature Flag Maintainer

Flag Descriptions

You can now create custom descriptions for each feature flag. These human-readable descriptions help you identify the flag and its functionality in-depth. This is critical for effective feature flag management, organizing flags, and communicating the flag’s purpose to your team members.

LaunchDarkly Feature Flag Descriptions

Flag Tags

Adding tags to your flags (like Front-End, Ops, Marketing, Restricted) helps you categorize flags and manage custom permissions.

Here, we have added the tags “mobile”, “marketing”, and “unrestricted” to a feature flag.

LaunchDarkly Feature Flag/Toggles Management Tags

Rich Flag Variations

When creating a feature flag, you can specify a name, description, and value for each variation. This allows you to explicitly describe the purpose of each flag variation, especially if you are using multivariate flags returning numbers, strings, JSON objects, or JSON arrays. For example, you can have a flag that returns numbers and then add a name and description to describe each variation.

LaunchDarkly Multivariate Feature Flag / Toggles Names and Descriptions

We hope these new features are able to improve your team’s ability to manage feature flags and mitigate technical debt. If you have any questions or feedback, we would love to hear from you at support@launchdarkly.com .

 

26 Aug 2016

3 Ways to Avoid Technical Debt when Feature Flagging

Feature flags are a valuable technique of separating out release (deployment) from visibility. Feature flags allow a software organization to turn features on and off at a high level, as well as segment out their base to allow different users different levels of access. However, feature flags have an (ill-deserved) reputation of “Technical Debt”. Used incorrectly, feature flags can accumulate, add complexity, and even break your system. Used correctly, feature flags can help you move faster. Here’s three easy ways you can avoid technical debt when using feature flags.

  1. Create a central repository for feature flags

Using config files for feature flags is “the junk drawer” of technical debt. If you have seven config files with different flags for different parts of the system, it’s hard to know what flags exist, or how they interact. Have one place where you manage all of your feature flags.

  1. Avoid ambiguously named flags

Give your flags easy to understand, intuitive names. Assume that someone other than you and your flag could potentially be using this flag days, months, and years into the future. Don’t have a name that could cause someone to turn it on when they mean off, or vice versa. For example “FilterUser”, when it’s off – does this mean users are filtered? or not?

  1. Have a plan for flag removal

Some flags are meant for permanent control, for example for an entitlements system. Other flags are temporary, meant for the purpose of a release only. If a flag can be removed (because it’s serving 100% or 0% of traffic), it should be removed, as quickly as possible. To enforce this rigor, when you write the flag, also write the pull request to remove it. That way, when it’s time to remove the flag, it’s a two second task.

04 Mar 2016

Enterprise Requirements for Managing Feature Flags

enterprise tech center

Harnessing LaunchDarkly to manage feature flags at scale

The process of feature flagging is fairly straightforward: you wrap your features in conditionals that determine who can see your features and when. At an enterprise scale, organizations must confront the complexities of mitigating technical debt, managing developer workflows, compliance, and controlling the lifecycle of feature flags. To meet these challenges, LaunchDarkly provides an enterprise-grade feature flag platform built specifically for development teams.

Continue reading “Enterprise Requirements for Managing Feature Flags” »