I don’t know what y’all were thinking when you changed the CLI so that when I log in now I have to enter not only my username, master password, and 2FA code, but also my API key, but this is a stupid change and you should revert it. Requiring the API key to be entered adds no meaningful additional security over and above the username, master password, and 2FA code; it’s just an unnecessary annoyance. Please reconsider this.
Hi @jik - thanks for the feedback.
As part of new captcha security procedures to protect our users, CLI authentication is inadvertently (and temporarily) caught in this process.
A fix is slated for the end of Oct remediates this and bypasses captcha for devices previously associated with your account.
As an interim step, you could look into API key-based authentication through env variables or files and unlocking your vault as a second step with your master password.
@jik - thanks again for the clear feedback - we’ve pushed a hotfix that allows known devices to authenticate without the API key. You should be back in business now. Please let us know!
Great news - I just tried it and everything seems to work normally for me!
1 Like