Environments & SDK keys

Per-environment keys, the CDN path, and key rotation.

An environment is an isolated copy of your flag values within a project. Every project starts with two — development and production — and you can add, rename, reorder, or remove them (you just can't delete the last one).

The same flag can have completely different targeting in each environment: on at 100% in development, off in production, or rolling out to 10% in staging.

SDK keys

Each environment has its own SDK key — a long, opaque, fully random string (~43 characters). It does double duty:

  1. It's the address. Your config is published to the CDN at {sdk_key}/flags.json. The key is how the SDK finds the right environment's file — there's no separate environment parameter to set.
  2. It's the credential. Possession of the key is what grants read access to that environment's config.

Because the key encodes the environment, pointing an SDK at production instead of development is just a matter of which key you pass:

# development
client = Switchbox(sdk_key="dev-environment-key")


# production
client = Switchbox(sdk_key="prod-environment-key")

Find and copy a key in the dashboard under a project's Environments tab.

SDK keys are read-only and environment-scoped — they can't write flags or reach other environments. They're meant to ship in your application. Still, treat the production key with care and rotate it if it leaks (below).

Rotating an SDK key

If a key is exposed, rotate it from the Environments tab. Rotation is designed to be zero-downtime:

  • A brand-new key is generated and becomes the primary path.
  • The old key keeps working for a 24-hour grace period. During that window, Switchbox publishes the config to both the old and new key paths.
  • Update your app to the new key any time within those 24 hours and deploy. After the grace period, the old key stops being published and returns 404.

This means you can rotate first and redeploy at your own pace, without a window where live clients break.

Next