LaunchDarkly Relay Proxy Scanner

Identifies which LaunchDarkly projects/environments use a Relay Proxy versus direct connections.

Quick Start

1. Install dependencies:

   pip install -r requirements.txt

2. Configure API key:

   echo "LAUNCHDARKLY_API_KEY=your-api-key-here" > .env

3. Run scanner:

   python relay_scanner.py

4. Export results:

   python relay_scanner.py --output report.csv

Getting Your API Key

1. Login to LaunchDarkly
2. Go to Account Settings → Authorization → API Access Tokens
3. Create token with Admin role (required for Usage API access)
4. Copy token to .env file

Usage

Basic Scan

python relay_scanner.py

Scan Specific Project

python relay_scanner.py --project my-project-key

Custom Time Range

# Scan last 6 months (timestamps in Unix milliseconds)
python relay_scanner.py --from 1715000000000 --to 1732000000000

Export to CSV

python relay_scanner.py --output compliance_report.csv

Verbose Mode

python relay_scanner.py --verbose

How It Works

The scanner uses the LaunchDarkly Usage API to detect Relay Proxy usage:

1. Fetches service connection data grouped by relayVersion, projectId, and environmentId
2. Detection Logic:
   • Empty relayVersion ("") = NOT using Relay Proxy ❌
   • Non-empty relayVersion (e.g., "8.14.0") = Using Relay Proxy ✅
3. Generates compliance report showing which projects/environments need configuration

Note: Only projects with active SDK connections during the specified time period will appear in results.

Output

Console Report

======================================================================
LaunchDarkly Relay Proxy Compliance Report
======================================================================

🔴 NON-COMPLIANT (Not using Relay Proxy):
  Project: My Project (my-project)
    - Environment: Production (production) [Usage: 150 minutes]

🟢 COMPLIANT (Using Relay Proxy):
  Project: Secure Project (secure-project)
    - Environment: Production (production) [Relay v8.14.0, Usage: 300 minutes]

======================================================================
SUMMARY
======================================================================
  Total Projects Analyzed: 2
  Compliance Rate: 50.0%
======================================================================

CSV Export

Includes: Project Key/Name, Environment Key/Name, Relay Proxy Status, Relay Version, Usage Minutes

API Requirements

• Endpoint: /api/v2/usage/service-connections (Beta API)
• Header Required: LD-API-Version: beta
• Permissions: Admin role or custom role with Account Usage permissions
• Plan: Usage API may require Enterprise plan

Exit Codes

• 0: All connections compliant
• 1: Non-compliant connections detected or error

Suitable for CI/CD pipelines:

python relay_scanner.py || echo "Compliance check failed!"

Troubleshooting

403 Forbidden Error

• Ensure API token has Admin permissions
• Usage API may not be enabled for your plan (contact LaunchDarkly support)

No Data Found

• Projects without SDK connections in the time period won't appear
• Try expanding the time range with --from and --to parameters

Files

• relay_scanner.py - Main scanner script
• requirements.txt - Python dependencies
• env.example - Environment variable template
• README.md - This file

License

Provided as-is for use with LaunchDarkly.