Skip to content
Latchkey

ConfigCat "SDK Key ... is invalid" in CI

ConfigCat validated the SDK Key and found it malformed or empty before fetching config. The key has a specific format, and an empty string, a truncated value, or a key that does not match your data governance region is rejected up front.

What this error means

ConfigCat logs "The SDK Key '...' is invalid" or "SDK Key is required" and the client returns default values for every setting evaluation.

ConfigCat
ConfigCat - ERROR - [1] The SDK Key '' is invalid. For more information: ...
Returning default value.

Common causes

The SDK Key is empty or truncated in CI

The secret was not injected or was cut off, so ConfigCat sees a value that does not match the expected key format.

The key does not match the configured data governance

A key issued for one data governance region used with a client configured for another is treated as invalid.

How to fix it

Inject the full SDK Key from a secret

  1. Copy the SDK Key from the ConfigCat dashboard for the target environment.
  2. Store it as a CI secret and pass the complete value to the client.
  3. Match the data governance setting to the key's region if you set one.
.github/workflows/ci.yml
env:
  CONFIGCAT_SDK_KEY: ${{ secrets.CONFIGCAT_SDK_KEY }}

Configure data governance to match the key

If your product uses EU data governance, set it on the client so the key validates and config fetches from the right CDN.

flags.py
client = configcatclient.get(
    os.environ["CONFIGCAT_SDK_KEY"],
    ConfigCatOptions(data_governance=DataGovernance.EU_ONLY),
)

How to prevent it

  • Keep the ConfigCat SDK Key in CI secrets, never committed.
  • Verify the full key is injected, not a truncated value.
  • Set data governance on the client to match the key region.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →