Apikey login issue

I’m running on windows 10, have installed bw cli with Chocolatey and can login with bw login as shown below.

I’m blocked in a way I have been unable to figure out when I try to login with the --apikey, also shown below. Searching on the error message and in the bw cli github repo has not led me to any ideas.

Any help appreciated

D:\bitwarden\bitwarden_experiments>bw login

? Email address: [email protected]_domain.com

? Master password: [hidden]

You are logged in!

To unlock your vault, set your session key to the BW_SESSION environment variable. ex:

$ export BW_SESSION=“some_long_session_key”


You can also pass the session key to any command with the --session option. ex:

$ bw list items --session some_long_session_key

D:\bitwarden\bitwarden_experiments>bw logout

You have logged out.

D:\bitwarden\bitwarden_experiments>whereis bw


D:\bitwarden\bitwarden_experiments>bw login --apikey

Cannot read properties of null (reading ‘profile’)

Hey @IWantToBelieve, can you check to be sure that you are you the personal key, not an organization key (if BW_CLIENTID / BW_CLIENTSECRET env variables are set)

Thanks for the quick response @dwbit

Your answer indicates there are personal api keys and organization api keys if I am reading that correctly. If so, I missed that completely in the documentation. My BW_CLIENTID & BW_CLIENTSECRET env variables are set in windows, but my clientid has “organization” in the string as shown below.

To try to make more progress, I tried to go through the documentation for linux, so set up a debian docker container, downloaded and installed bw and tried the API key login there. I did not set the env variables in docker yet. This got me slightly farther than windows and you can see below:

[email protected]:/domain# bw login --apikey
? client_id: organization.abcdefgh-abcd-2efgh-34ij-abcd1234ijkl
? client_secret: 1234567890abcdefghijklmnopqrst
Cannot read properties of null (reading 'profile')

On linux I got prompted for the client_id / client_secret which had not happened in windows, and then hit the same message.

I modified the env variable values, but my original client_id for sure has the “organization” string included.

I’ll start going through the documentation and the browser GUI for the vault looking for where to set an independent personal API key, or where multiple categories of API keys are defined.

Or maybe I need to delete my organization, and then create an API key, which would be personal, I guess. Let me know if you have any recommendations or suggestions where to start looking.

The Personal API Key for CLI Authentication Help Center article outlines the nuances, let me know if that helps!

That was it, when I created the personal api key bw login --api worked
Thanks for the quick response

1 Like