The LaunchDarkly lab is a great demo of how to use LaunchDarkly with ADO.
Unfortunately, the lab suggests hard-coding the LaunchDarkly SDK key into the app source code. This is likely to cause problems:
Server-side SDK keys should be treated as secrets and managed accordingly. They're not as powerful as API tokens, because they can only be used to read (but not change) flag and segment configurations, but those resources might have private/sensitive information.
SDK keys are environment-specific. A team would likely use a different SDK key for each of their main deployment environments, such as production and staging. For example, a team using Azure App Service could store the SDK key in App Settings to make it available in an environment variable.
Changing the lab to reflect these best practices might add a little complexity, but it's worth at least adding a call-out of some kind to warn developers of these problems. Thank you!
The LaunchDarkly lab is a great demo of how to use LaunchDarkly with ADO.
Unfortunately, the lab suggests hard-coding the LaunchDarkly SDK key into the app source code. This is likely to cause problems:
Changing the lab to reflect these best practices might add a little complexity, but it's worth at least adding a call-out of some kind to warn developers of these problems. Thank you!