Affected: .NET (server-side), Go, Haskell, Java, Node.js (client-side & server-side), PHP, Python, Ruby, Rust, JavaScript, Electron, React Web
Overview
Verifying the secure mode hash in LaunchDarkly is crucial for maintaining the privacy and security of your feature flag evaluations. When secure mode is enabled, unauthorized client sessions cannot access your evaluations.
To enable secure mode, configure your JavaScript-based SDK to include a server-generated HMAC SHA256 hash of your context or user key. This hash is signed (keyed) with the SDK key of your environment, which only your server holds. Because the hash is checked before flag data is returned, it provides an added layer of protection and helps keep the variation an end user receives private.
Secure mode is only available for communication between client-side SDKs and LaunchDarkly. It is not necessary for server-side SDKs.
Solution
Before you can start verifying the secure mode hash in LaunchDarkly, you need to have enabled it for your desired environment. To do this, follow these steps:
- Enable secure mode: follow the steps in our documentation.
- Define your context object. You can use either a single-context or a multi-context object. Read our documentation on User and context configuration for more information.
- Generate a secure mode hash in your server-side SDK using the secureModeHash function. This hash is generated using the canonical key, which is a combination of all the keys and kinds of the context object sorted by kind. You can also create the hash manually.
- Verify the secure mode hash in your client-side SDK by passing the hash value generated in the previous step and reusing the same context object for initialization. Read configuring secure mode in the JavaScript-based SDKs.
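The following is an added example, not LaunchDarkly SDK code, that shows what the "generate" and "verify" steps above compute: an HMAC-SHA256 over the canonical key of a context, keyed with the environment's server-side SDK key, and a constant-time check of a presented hash with fallback behaviour when it does not match. The SDK key and contexts are constructed sample values. The article only states that the canonical key combines the kinds and keys sorted by kind; the "user" shorthand and the escaping of ":" and "%" inside keys below follow LaunchDarkly's documented fully-qualified key format and are an assumption, so confirm them against the secureModeHash output of the SDK you actually use rather than hand-rolling the hash in production.

```python
import hmac
import hashlib

# Constructed sample value. A real server-side SDK key is a secret:
# it stays on the server and is never shipped in client-side code.
SDK_KEY = "sdk-00000000-0000-0000-0000-000000000000"


def _escape(key: str) -> str:
    # Assumption: keys inside a multi-context escape '%' and ':' so that
    # the joined canonical key stays unambiguous.
    return key.replace("%", "%25").replace(":", "%3A")


def canonical_key(context: dict) -> str:
    """Build the canonical key the secure mode hash is computed over.

    Single context:  {"kind": "user", "key": "user-123"}
    Multi-context:   {"kind": "multi", "user": {"key": "..."}, "org": {"key": "..."}}
    """
    kind = context.get("kind", "user")
    if kind != "multi":
        # Assumption: a single 'user' context uses its bare key; other kinds use kind:key.
        return context["key"] if kind == "user" else f"{kind}:{_escape(context['key'])}"
    # Multi-context: every kind:key pair, sorted by kind (as the article states).
    parts = [f"{k}:{_escape(context[k]['key'])}" for k in sorted(context) if k != "kind"]
    return ":".join(parts)


def secure_mode_hash(sdk_key: str, context: dict) -> str:
    """Server side: HMAC-SHA256 of the canonical key, keyed with the SDK key, as hex."""
    return hmac.new(sdk_key.encode("utf-8"),
                    canonical_key(context).encode("utf-8"),
                    hashlib.sha256).hexdigest()


def verify_secure_mode_hash(sdk_key: str, context: dict, presented_hash: str) -> bool:
    """The check performed on the LaunchDarkly side when the client presents its hash.

    Uses a constant-time comparison so timing does not leak how many
    characters of a guessed hash were correct.
    """
    expected = secure_mode_hash(sdk_key, context)
    return hmac.compare_digest(expected, presented_hash.lower())


def evaluate_with_fallback(sdk_key: str, context: dict, presented_hash: str,
                           served_variation: str, fallback_variation: str) -> str:
    """Mirror the behaviour described in the article: a valid hash yields the
    evaluated variation; an invalid hash is rejected and the in-code fallback is used."""
    if verify_secure_mode_hash(sdk_key, context, presented_hash):
        return served_variation
    # In the real client this is where the 400 "Error fetching flag settings" surfaces.
    return fallback_variation


if __name__ == "__main__":
    single = {"kind": "user", "key": "user-123"}
    multi = {"kind": "multi", "user": {"key": "user-123"}, "org": {"key": "acme:eu"}}
    h = secure_mode_hash(SDK_KEY, multi)
    print("canonical key:", canonical_key(multi))
    print("hash:", h)
    print("valid   ->", evaluate_with_fallback(SDK_KEY, multi, h, "treatment", "control"))
    print("tampered->", evaluate_with_fallback(SDK_KEY, multi, h[:-1] + "0", "treatment", "control"))
    print("wrong ctx->", evaluate_with_fallback(SDK_KEY, single, h, "treatment", "control"))
```

The important property to notice is that the hash binds the context to an environment secret the browser never sees: changing any key in the context, or presenting a hash made for a different context, fails verification and the client receives only its fallback value.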
When the client-side SDK presents the hash generated by the server-side SDK and it verifies successfully, the correct variation is returned. If the hash fails to verify, an error message similar to `[LaunchDarkly] Error fetching flag settings: 400` appears in the console, and the in-code fallback value is served instead.