The length of the Duo secret key is documented within the Guacamole manual as exactly 20 characters. This is incorrect. The integration key is exactly 20 characters, but the secret key is 40 characters.
This can be seen in the definition and usage of the constants in Duo's DuoWeb class:
Note that the lengths of the various keys are not actually enforced by the guacamole-auth-duo extension, so while the manual is incorrect, the extension should still function as long as correct key values are provided.