diff --git a/pkg/bff/activity_test.go b/pkg/bff/activity_test.go
index 1946ee6b8..fae6ce86f 100644
--- a/pkg/bff/activity_test.go
+++ b/pkg/bff/activity_test.go
@@ -135,6 +135,7 @@ func (s *bffTestSuite) TestActivitySubscriber() {
 	// Test running the subscriber under a waitgroup
 	conf.Topic = "network-activity"
 	conf.Testing = true
+	conf.Network = activity.TestNet
 	conf.Ensign = ensign.Config{
 		ClientID:     "client-id",
 		ClientSecret: "client-secret",
diff --git a/pkg/bff/config/config.go b/pkg/bff/config/config.go
index 7a733c976..e859c9c18 100644
--- a/pkg/bff/config/config.go
+++ b/pkg/bff/config/config.go
@@ -14,7 +14,6 @@ import (
 	"github.com/rs/zerolog"
 	"github.com/trisacrypto/directory/pkg/store/config"
 	"github.com/trisacrypto/directory/pkg/utils/activity"
-	"github.com/trisacrypto/directory/pkg/utils/ensign"
 	"github.com/trisacrypto/directory/pkg/utils/logger"
 	"github.com/trisacrypto/directory/pkg/utils/sentry"
 	"github.com/trisacrypto/trisa/pkg/trisa/mtls"
@@ -104,12 +103,6 @@ type CacheConfig struct {
 	Expiration time.Duration `split_words:"true" default:"8h"`
 }
 
-type ActivityConfig struct {
-	Enabled bool   `split_words:"true" default:"false"`
-	Topic   string `split_words:"true"`
-	Ensign  ensign.Config
-}
-
 // New creates a new Config object from environment variables prefixed with GDS_BFF.
 func New() (conf Config, err error) {
 	// Load and validate the configuration from the environment.
diff --git a/pkg/gds/config/config.go b/pkg/gds/config/config.go
index c7bebc485..d539c809d 100644
--- a/pkg/gds/config/config.go
+++ b/pkg/gds/config/config.go
@@ -162,6 +162,14 @@ func (c Config) Validate() (err error) {
 		return err
 	}
 
+	if err = c.Sentry.Validate(); err != nil {
+		return err
+	}
+
+	if err = c.Activity.Validate(); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -171,7 +179,6 @@ func (c GDSConfig) Validate() error {
 			return errors.New("invalid configuration: bind addr is required for enabled GDS")
 		}
 	}
-
 	return nil
 }
 
diff --git a/pkg/gds/config/config_test.go b/pkg/gds/config/config_test.go
index 4fd5f2e62..158c44788 100644
--- a/pkg/gds/config/config_test.go
+++ b/pkg/gds/config/config_test.go
@@ -193,7 +193,6 @@ func TestAuthorizedDomainsPreprocessing(t *testing.T) {
 }
 
 func TestRequiredConfig(t *testing.T) {
-	t.Skip("test assumes that confire is processing required tags recursively, is it?")
 	required := []string{
 		"GDS_DATABASE_URL",
 		"GDS_SECRET_KEY",
diff --git a/pkg/utils/activity/config.go b/pkg/utils/activity/config.go
index 4a0fca03b..8184d5e8f 100644
--- a/pkg/utils/activity/config.go
+++ b/pkg/utils/activity/config.go
@@ -1,30 +1,34 @@
 package activity
 
 import (
+	"errors"
 	"time"
 
 	"github.com/trisacrypto/directory/pkg/utils/ensign"
 )
 
 type Config struct {
-	Enabled           bool          `split_words:"true" default:"false"`
-	Topic             string        `split_words:"true"`
-	Network           Network       `split_words:"true"`
+	Enabled           bool          `default:"false"`
+	Topic             string        `required:"false"`
+	Network           Network       `required:"false" validate:"ignore"`
 	AggregationWindow time.Duration `split_words:"true" default:"5m"`
-	Testing           bool          `split_words:"true" default:"false"`
-	Ensign            ensign.Config
+	Testing           bool          `default:"false" `
+	Ensign            ensign.Config `validate:"ignore"`
 }
 
 func (c Config) Validate() (err error) {
 	if c.Enabled {
 		if c.Topic == "" {
-			return ErrMissingTopic
+			err = errors.Join(err, ErrMissingTopic)
 		}
 
-		if err = c.Ensign.Validate(); err != nil {
-			return err
+		if verr := c.Network.Validate(); verr != nil {
+			err = errors.Join(err, verr)
 		}
-	}
 
-	return nil
+		if verr := c.Ensign.Validate(); verr != nil {
+			err = errors.Join(err, verr)
+		}
+	}
+	return err
 }
diff --git a/pkg/utils/activity/config_test.go b/pkg/utils/activity/config_test.go
index 895b6fe38..757e7baa2 100644
--- a/pkg/utils/activity/config_test.go
+++ b/pkg/utils/activity/config_test.go
@@ -35,6 +35,7 @@ func TestActivityValidation(t *testing.T) {
 
 	// Test valid enabled configuration
 	conf.Enabled = true
+	conf.Network = activity.TestNet
 	conf.Ensign.ClientID = "client-id"
 	require.NoError(t, conf.Validate())
 }
diff --git a/pkg/utils/activity/event.go b/pkg/utils/activity/event.go
index d479a812b..17f4cdde4 100644
--- a/pkg/utils/activity/event.go
+++ b/pkg/utils/activity/event.go
@@ -118,6 +118,7 @@ func (n Network) String() string {
 	}
 }
 
+// Check if the network is valid.
 func (n Network) Validate() error {
 	if n == UnknownNetwork {
 		return ErrUnknownNetwork
diff --git a/pkg/utils/activity/publisher_test.go b/pkg/utils/activity/publisher_test.go
index 4bd663ac9..66d6d73d2 100644
--- a/pkg/utils/activity/publisher_test.go
+++ b/pkg/utils/activity/publisher_test.go
@@ -28,7 +28,7 @@ func TestPublisher(t *testing.T) {
 		Enabled:           true,
 		AggregationWindow: time.Minute * 5,
 	}
-	require.ErrorIs(t, activity.ErrMissingTopic, activity.Start(conf), "expected missing topic error")
+	require.Error(t, activity.Start(conf), "expected error with bad configuration")
 
 	// Test publisher in disabled mode starts
 	activity.Reset()
diff --git a/pkg/utils/ensign/config.go b/pkg/utils/ensign/config.go
index 7fcc71174..f5856b53f 100644
--- a/pkg/utils/ensign/config.go
+++ b/pkg/utils/ensign/config.go
@@ -1,6 +1,8 @@
 package ensign
 
 import (
+	"errors"
+
 	sdk "github.com/rotationalio/go-ensign"
 )
 
@@ -8,30 +10,35 @@ import (
 type Config struct {
 	ClientID     string `split_words:"true"`
 	ClientSecret string `split_words:"true"`
-	Endpoint     string `split_words:"true" default:"ensign.rotational.app:443"`
+	Endpoint     string `default:"ensign.rotational.app:443"`
 	AuthURL      string `split_words:"true" default:"https://auth.rotational.app"`
-	Insecure     bool   `split_words:"true" default:"false"`
-	Testing      bool   `split_words:"true" default:"false"`
+	Insecure     bool   `default:"false"`
+	Testing      bool   `default:"false"`
 }
 
-func (c Config) Validate() error {
+// Validate that the ensign config is ready for connection.
+func (c Config) Validate() (err error) {
+	if c.Testing {
+		return nil
+	}
+
 	if c.ClientID == "" {
-		return ErrMissingClientID
+		err = errors.Join(err, ErrMissingClientID)
 	}
 
 	if c.ClientSecret == "" {
-		return ErrMissingClientSecret
+		err = errors.Join(err, ErrMissingClientSecret)
 	}
 
 	if c.Endpoint == "" {
-		return ErrMissingEndpoint
+		err = errors.Join(err, ErrMissingEndpoint)
 	}
 
 	if c.AuthURL == "" {
-		return ErrMissingAuthURL
+		err = errors.Join(err, ErrMissingAuthURL)
 	}
 
-	return nil
+	return err
 }
 
 func (c Config) ClientOptions() []sdk.Option {