Skip to content
Latchkey

Hardhat "Invalid account: private key too short" in CI

Hardhat parsed the accounts array in a network config and one entry is not a valid 32-byte private key. In CI this almost always means a secret was not injected, so the value is empty or truncated.

What this error means

A command using a network config fails with "HardhatError: HH8: ... Invalid account: #0 for network: sepolia - private key too short, expected 32 bytes".

Hardhat
Invalid account: #0 for network: sepolia - private key too short, expected 32 bytes

Common causes

The private key secret is not set in CI

The config reads process.env.PRIVATE_KEY, which is undefined or empty on the runner, so hardhat sees a zero-length key.

The key is missing its 0x prefix or is truncated

A key stored without the expected format or accidentally clipped does not decode to 32 bytes.

How to fix it

Inject a valid key from a secret

  1. Store a real 32-byte private key as a CI secret.
  2. Expose it to the step and reference it in the accounts array.
  3. Only configure the network for jobs that actually need signing.
.github/workflows/ci.yml
env:
  PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}

Guard the accounts array against empty values

Include the account only when the key is present so local compile and test jobs do not fail on a missing secret.

hardhat.config.js
accounts: process.env.PRIVATE_KEY ? [process.env.PRIVATE_KEY] : [],

How to prevent it

  • Never commit private keys; inject them via secrets.
  • Guard signing networks so unit tests do not require a key.
  • Validate key format before configuring a network.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →