Integrations

LaunchDarkly Integration

Two ways FlagShark integrates with LaunchDarkly — CLI cross-reference during scans, and the SaaS dashboard LD-sync that auto-creates cleanup PRs.

6 min readLast updated: May 22, 2026

FlagShark integrates with LaunchDarkly in two independent ways. Understanding which one you need will save setup time.

	CLI cross-reference	SaaS LD-sync
Where configured	`.flagshark.yml` `platforms:` block	Dashboard → Settings → Integrations
Credential storage	Env var (`LAUNCHDARKLY_API_TOKEN` by default)	AWS Secrets Manager (entered in dashboard)
What it does	Checks scan results against your LD project; flags missing or archived in LD	Polls LD for `readyForCodeRemoval` flags and opens cleanup PRs
When it runs	During every `flagshark scan`	Daily, via a scheduled Lambda
Plan required	All plans	Team or higher

Most teams set up both: the CLI cross-reference catches flag hygiene issues in CI, while the SaaS LD-sync automates the actual cleanup PR creation.

Integration 1 — CLI Cross-Reference

During a flagshark scan, FlagShark can cross-reference every flag key it detects in your code against your LaunchDarkly project. It emits two signals:

Signal	Severity	Meaning
`missing-in-platform`	error	Flag key found in code but does not exist in LD
`archived-in-platform`	warning	Flag key found in code but is archived in LD

Configuration

Add a platforms block to .flagshark.yml:

platforms:
  launchdarkly:
    project: my-project-key      # required
    environment: production      # required
    token_env: LAUNCHDARKLY_API_TOKEN   # optional — this is the default

The token_env field names the environment variable that holds your API access token. If omitted, LAUNCHDARKLY_API_TOKEN is used.

Export the token before running a scan:

export LAUNCHDARKLY_API_TOKEN=api-xxxxxxxxxxxxxxxxxxxxxxxx
flagshark scan

In CI, set LAUNCHDARKLY_API_TOKEN as a repository secret. The token only needs Reader role.

Getting an API Access Token

Go to Account Settings → Authorization → Access tokens

Click "Create token"

Name it something like "FlagShark CLI"

Select Reader role (minimum required)

Copy the token immediately (it won't be shown again)

Use a dedicated service account token rather than a personal token. This ensures scans keep working if team members leave.

Integration 2 — SaaS LD-Sync (Dashboard)

1
Flag Ready
for removal
2
Daily Sync
3
Query
LD + code refs
4
Filter & Validate
5
Cleanup PR

The SaaS LD-sync is a scheduled Lambda that polls LaunchDarkly once per day for flags marked "ready for code removal" and automatically creates cleanup PRs in your GitHub repositories.

The SaaS LD-sync requires a Team plan or higher.

Prerequisites

LaunchDarkly Code References — Must be set up and running in your repositories. Without them, FlagShark cannot determine which repos contain each flag.
API access token — Reader role or higher, with access to your LD project.
FlagShark Workspace — With the GitHub repositories you want to clean up.

Set up Code References in LaunchDarkly before connecting. FlagShark uses them to map flags to repos.

Setting Up the Connection

Go to Settings → Integrations in your FlagShark dashboard

Find the LaunchDarkly section and click "Add Connection"

Enter your LaunchDarkly API access token (stored securely in AWS Secrets Manager — never in your YAML config)

Click "Test Connection" to verify the token works

Select the project you want to sync

Configure critical environments (see below)

Click "Save Connection"

LaunchDarkly connection form — Configure your LaunchDarkly connection with API access token and project selection

Getting an API Access Token for the Dashboard

Go to Account Settings → Authorization → Access tokens

Click "Create token"

Name it something like "FlagShark Integration"

Select Reader role (minimum required)

Copy the token immediately (it won't be shown again)

Connection Settings

Setting	Description	Default
API access token	LaunchDarkly API access token	Required
Project key	The LD project to monitor	Required
Critical environments	Environments where flag must be OFF before cleanup	`["production"]`
Max PRs per run	Maximum cleanup PRs created per scheduled run	5
Enabled	Whether the connection is active	On

Critical Environments

Before creating a cleanup PR, FlagShark verifies the flag is OFF in all critical environments. This prevents removing flags that are still serving live traffic.

Example: If production is a critical environment:

Flag is OFF in production → Cleanup PR created
Flag is ON in production → Flag skipped (too risky to remove)

Always include your production environment in critical environments.

Max PRs per Run

To avoid overwhelming your team with cleanup PRs, FlagShark limits how many are created per daily run. Start with 5 and increase as your team gets comfortable with the workflow.

Excluded Maintainers and Repository Filtering

If certain flag maintainers should be excluded from automatic cleanup, or if you want to restrict (or exclude) specific repositories, configure these options in the dashboard connection form. They are stored in the FlagShark database alongside the connection — not in .flagshark.yml.

Excluded maintainers — Flag maintainer emails to skip (e.g., a platform team that manages flags manually)
Repositories — Allowlist of repository names to create PRs in; if empty, all repos in your GitHub org are eligible
Excluded repos — Repository names to always skip, even if they have code references to the flag

Multiple Projects

You can connect multiple LaunchDarkly projects to a single workspace:

Go to Settings → Integrations

Click "Add Connection" again

Use the same or different API access token

Select a different project

Configure settings for this project

Each project connection operates independently with its own settings.

How the Daily Sync Works

Sync Schedule

The LD-sync runs automatically every 24 hours. During each run:

Fetch ready flags — Query LD for flags with staleState: readyForCodeRemoval via GET /api/v2/flags/{project}?filter=staleState:readyForCodeRemoval
Get code references — Determine which repos contain each flag via GET /api/v2/code-refs/statistics/{project}
Filter flags — Check critical environments, excluded maintainers, and repository filters
Queue for cleanup — Send eligible flags to the cleanup processor
Track processed — Record processed flags in the flagshark-ld-processed DynamoDB table to prevent duplicate PRs

Sync Status

View sync status in Settings → Integrations:

Status	Meaning
Connected	Integration is active and syncing
Last Sync	Timestamp of most recent sync
Flags Processed	Total flags processed to date
Pending	Flags queued for cleanup

What Gets Synced

Data	Source	Usage
Flag key & name	LD Flags API	Identify the flag
Flag creation date	LD Flags API	Age tracking
Flag maintainer	LD Flags API	Filtering
Stale state	LD Flags API	Determine if ready for removal
Code references	LD Code Refs API	Find repositories
Environment status	LD Flags API	Critical environment checks

Cleanup PR Generation

When a flag passes all filters, FlagShark creates a cleanup PR:

PR Contents

Title: [FlagShark] Remove feature flag: {flag-key}
Branch: flagshark/remove-{flag-key}
Body: Links to LaunchDarkly, age information, original PR (if tracked)
Code changes: Flag usage removed using Piranha technology

Code Removal

FlagShark uses Piranha, an open-source tool from Uber, to intelligently remove flag code:

Removes flag checks and related dead code
Preserves the "on" branch (feature enabled) by default
Handles complex conditionals and nested logic
Supports multiple languages (TypeScript, Python, Go, Java, etc.)

Piranha-generated changes should always be reviewed. While highly accurate, complex flag usage patterns may require manual adjustment.

Troubleshooting

Connection Test Fails

"Invalid API key"

Verify the token is copied correctly (no extra spaces)
Check the token hasn't been revoked in LaunchDarkly
Ensure the token has Reader role or higher

"Project not found"

Verify the project key matches exactly (case-sensitive)
Ensure the API access token has access to this project

Flags Not Being Processed

Flag is ready in LD but no PR created

Check these common causes:

Critical environment check failed — Flag is still ON in production
Already processed — Flag was processed in a previous run (check the flagshark-ld-processed tracking table)
Excluded maintainer — Flag maintainer is in the exclusion list (configured in the dashboard)
No code references — LD Code References not set up for the repo
Repository not tracked — Repo not included in FlagShark workspace or is in the excluded repos list

Duplicate PRs

If you're seeing duplicate cleanup PRs:

Check the flagshark-ld-processed tracking table
Ensure you're not running multiple workspace connections for the same project
Contact support if the issue persists

Sync Not Running

"Last sync" shows old date

Verify the connection is enabled in the dashboard
Check your subscription is active (Team plan or higher required)
Review AWS CloudWatch logs for errors (Enterprise only)

CLI: Token Not Found

LAUNCHDARKLY_API_TOKEN not set

Export the env var before running flagshark scan, or set it in your CI secrets
To use a different variable name, set token_env: MY_CUSTOM_VAR in the platforms.launchdarkly block of .flagshark.yml

Best Practices

Workflow Integration

Mark flags in LD when a feature is fully rolled out
Wait for sync (runs daily) to create a cleanup PR
Review the PR to verify changes are correct
Merge and deploy following your normal process

Flag Lifecycle

1
Created
2
Dev & Rollout
3
100% Enabled
4
Mark for Removal
5
Cleanup PR
6
Merge

Security Recommendations

Use service account tokens — Not personal tokens
Minimum permissions — Reader role is sufficient for both integrations
Rotate tokens periodically — Update in the dashboard (SaaS) or re-export the env var (CLI)
Review PRs before merging — Don't auto-merge cleanup PRs

API Reference

The SaaS LD-sync uses these LaunchDarkly API endpoints:

Endpoint	Purpose
`GET /api/v2/flags/{project}?filter=staleState:readyForCodeRemoval`	Fetch flags ready for removal
`GET /api/v2/code-refs/statistics/{project}`	Get code reference mapping
`GET /api/v2/projects`	List available projects (used in UI)

Next Steps

Set up Code References in LaunchDarkly (required for SaaS sync)

Configure cleanup settings in FlagShark

Set up Slack notifications to track cleanup PRs

Integrations

LaunchDarkly Integration

Two ways FlagShark integrates with LaunchDarkly — CLI cross-reference during scans, and the SaaS dashboard LD-sync that auto-creates cleanup PRs.

6 min readLast updated: May 22, 2026

FlagShark integrates with LaunchDarkly in two independent ways. Understanding which one you need will save setup time.

	CLI cross-reference	SaaS LD-sync
Where configured	`.flagshark.yml` `platforms:` block	Dashboard → Settings → Integrations
Credential storage	Env var (`LAUNCHDARKLY_API_TOKEN` by default)	AWS Secrets Manager (entered in dashboard)
What it does	Checks scan results against your LD project; flags missing or archived in LD	Polls LD for `readyForCodeRemoval` flags and opens cleanup PRs
When it runs	During every `flagshark scan`	Daily, via a scheduled Lambda
Plan required	All plans	Team or higher

Most teams set up both: the CLI cross-reference catches flag hygiene issues in CI, while the SaaS LD-sync automates the actual cleanup PR creation.

Integration 1 — CLI Cross-Reference

During a flagshark scan, FlagShark can cross-reference every flag key it detects in your code against your LaunchDarkly project. It emits two signals:

Signal	Severity	Meaning
`missing-in-platform`	error	Flag key found in code but does not exist in LD
`archived-in-platform`	warning	Flag key found in code but is archived in LD

Configuration

Add a platforms block to .flagshark.yml:

platforms:
  launchdarkly:
    project: my-project-key      # required
    environment: production      # required
    token_env: LAUNCHDARKLY_API_TOKEN   # optional — this is the default

The token_env field names the environment variable that holds your API access token. If omitted, LAUNCHDARKLY_API_TOKEN is used.

Export the token before running a scan:

export LAUNCHDARKLY_API_TOKEN=api-xxxxxxxxxxxxxxxxxxxxxxxx
flagshark scan

In CI, set LAUNCHDARKLY_API_TOKEN as a repository secret. The token only needs Reader role.

Getting an API Access Token

Go to Account Settings → Authorization → Access tokens

Click "Create token"

Name it something like "FlagShark CLI"

Select Reader role (minimum required)

Copy the token immediately (it won't be shown again)

Use a dedicated service account token rather than a personal token. This ensures scans keep working if team members leave.

Integration 2 — SaaS LD-Sync (Dashboard)

1
Flag Ready
for removal
2
Daily Sync
3
Query
LD + code refs
4
Filter & Validate
5
Cleanup PR

The SaaS LD-sync is a scheduled Lambda that polls LaunchDarkly once per day for flags marked "ready for code removal" and automatically creates cleanup PRs in your GitHub repositories.

The SaaS LD-sync requires a Team plan or higher.

Prerequisites

LaunchDarkly Code References — Must be set up and running in your repositories. Without them, FlagShark cannot determine which repos contain each flag.
API access token — Reader role or higher, with access to your LD project.
FlagShark Workspace — With the GitHub repositories you want to clean up.

Set up Code References in LaunchDarkly before connecting. FlagShark uses them to map flags to repos.

Setting Up the Connection

Go to Settings → Integrations in your FlagShark dashboard

Find the LaunchDarkly section and click "Add Connection"

Enter your LaunchDarkly API access token (stored securely in AWS Secrets Manager — never in your YAML config)

Click "Test Connection" to verify the token works

Select the project you want to sync

Configure critical environments (see below)

Click "Save Connection"

Getting an API Access Token for the Dashboard

Go to Account Settings → Authorization → Access tokens

Click "Create token"

Name it something like "FlagShark Integration"

Select Reader role (minimum required)

Copy the token immediately (it won't be shown again)

Connection Settings

Setting	Description	Default
API access token	LaunchDarkly API access token	Required
Project key	The LD project to monitor	Required
Critical environments	Environments where flag must be OFF before cleanup	`["production"]`
Max PRs per run	Maximum cleanup PRs created per scheduled run	5
Enabled	Whether the connection is active	On

Critical Environments

Before creating a cleanup PR, FlagShark verifies the flag is OFF in all critical environments. This prevents removing flags that are still serving live traffic.

Example: If production is a critical environment:

Flag is OFF in production → Cleanup PR created
Flag is ON in production → Flag skipped (too risky to remove)

Always include your production environment in critical environments.

Max PRs per Run

To avoid overwhelming your team with cleanup PRs, FlagShark limits how many are created per daily run. Start with 5 and increase as your team gets comfortable with the workflow.

Excluded Maintainers and Repository Filtering

Excluded maintainers — Flag maintainer emails to skip (e.g., a platform team that manages flags manually)
Repositories — Allowlist of repository names to create PRs in; if empty, all repos in your GitHub org are eligible
Excluded repos — Repository names to always skip, even if they have code references to the flag

Multiple Projects

You can connect multiple LaunchDarkly projects to a single workspace:

Go to Settings → Integrations

Click "Add Connection" again

Use the same or different API access token

Select a different project

Configure settings for this project

Each project connection operates independently with its own settings.

How the Daily Sync Works

Sync Schedule

The LD-sync runs automatically every 24 hours. During each run:

Fetch ready flags — Query LD for flags with staleState: readyForCodeRemoval via GET /api/v2/flags/{project}?filter=staleState:readyForCodeRemoval
Get code references — Determine which repos contain each flag via GET /api/v2/code-refs/statistics/{project}
Filter flags — Check critical environments, excluded maintainers, and repository filters
Queue for cleanup — Send eligible flags to the cleanup processor
Track processed — Record processed flags in the flagshark-ld-processed DynamoDB table to prevent duplicate PRs

Sync Status

View sync status in Settings → Integrations:

Status	Meaning
Connected	Integration is active and syncing
Last Sync	Timestamp of most recent sync
Flags Processed	Total flags processed to date
Pending	Flags queued for cleanup

What Gets Synced

Data	Source	Usage
Flag key & name	LD Flags API	Identify the flag
Flag creation date	LD Flags API	Age tracking
Flag maintainer	LD Flags API	Filtering
Stale state	LD Flags API	Determine if ready for removal
Code references	LD Code Refs API	Find repositories
Environment status	LD Flags API	Critical environment checks

Cleanup PR Generation

When a flag passes all filters, FlagShark creates a cleanup PR:

PR Contents

Title: [FlagShark] Remove feature flag: {flag-key}
Branch: flagshark/remove-{flag-key}
Body: Links to LaunchDarkly, age information, original PR (if tracked)
Code changes: Flag usage removed using Piranha technology

Code Removal

FlagShark uses Piranha, an open-source tool from Uber, to intelligently remove flag code:

Removes flag checks and related dead code
Preserves the "on" branch (feature enabled) by default
Handles complex conditionals and nested logic
Supports multiple languages (TypeScript, Python, Go, Java, etc.)

Piranha-generated changes should always be reviewed. While highly accurate, complex flag usage patterns may require manual adjustment.

Troubleshooting

Connection Test Fails

"Invalid API key"

Verify the token is copied correctly (no extra spaces)
Check the token hasn't been revoked in LaunchDarkly
Ensure the token has Reader role or higher

"Project not found"

Verify the project key matches exactly (case-sensitive)
Ensure the API access token has access to this project

Flags Not Being Processed

Flag is ready in LD but no PR created

Check these common causes:

Critical environment check failed — Flag is still ON in production
Already processed — Flag was processed in a previous run (check the flagshark-ld-processed tracking table)
Excluded maintainer — Flag maintainer is in the exclusion list (configured in the dashboard)
No code references — LD Code References not set up for the repo
Repository not tracked — Repo not included in FlagShark workspace or is in the excluded repos list

Duplicate PRs

If you're seeing duplicate cleanup PRs:

Check the flagshark-ld-processed tracking table
Ensure you're not running multiple workspace connections for the same project
Contact support if the issue persists

Sync Not Running

"Last sync" shows old date

Verify the connection is enabled in the dashboard
Check your subscription is active (Team plan or higher required)
Review AWS CloudWatch logs for errors (Enterprise only)

CLI: Token Not Found

LAUNCHDARKLY_API_TOKEN not set

Export the env var before running flagshark scan, or set it in your CI secrets
To use a different variable name, set token_env: MY_CUSTOM_VAR in the platforms.launchdarkly block of .flagshark.yml

Best Practices

Workflow Integration

Mark flags in LD when a feature is fully rolled out
Wait for sync (runs daily) to create a cleanup PR
Review the PR to verify changes are correct
Merge and deploy following your normal process

Flag Lifecycle

1
Created
2
Dev & Rollout
3
100% Enabled
4
Mark for Removal
5
Cleanup PR
6
Merge

Security Recommendations

Use service account tokens — Not personal tokens
Minimum permissions — Reader role is sufficient for both integrations
Rotate tokens periodically — Update in the dashboard (SaaS) or re-export the env var (CLI)
Review PRs before merging — Don't auto-merge cleanup PRs

API Reference

The SaaS LD-sync uses these LaunchDarkly API endpoints:

Endpoint	Purpose
`GET /api/v2/flags/{project}?filter=staleState:readyForCodeRemoval`	Fetch flags ready for removal
`GET /api/v2/code-refs/statistics/{project}`	Get code reference mapping
`GET /api/v2/projects`	List available projects (used in UI)

Next Steps

Set up Code References in LaunchDarkly (required for SaaS sync)

Configure cleanup settings in FlagShark

Set up Slack notifications to track cleanup PRs