The checkbox for biometric unlock unchecks itself with no error, I have attached a video.
I am currently using the AppImage as it says biometrics are better supported, and I have had no better luck when trying on flatpak. I am using a variant of Fedora Silverblue, Project Bluefin.
Have been trying to get this working for ages, this feature is important to me. Any help would be appreciated! Thanks!!
@Broccoli1406 Welcome to the forum!
Did you make sure this requirement is met:
?
(–> Unlock With Biometrics | Bitwarden)
I only understood this recently myself: Flatpak and Snap do support biometric unlock of the desktop app now, but they do not support unlocking the browser extension (yet?!).
I believe I do have that set up, but is there a command I can run to confirm?
@Broccoli1406 Are you on self hosted or bitwarden.com / bitwarden.eu? For the latter, you no longer need a secret service daemon, just polkit. On flatpak, you have to run manual commands to get your system set up, as documented here: Unlock With Biometrics | Bitwarden
If that doesn’t work, please run your app from the terminal and provide logs if possible.
As @Nail1684 points out, snap and flatpak are supported, but don’t integrate with the browser extension yet, pending:[Shared Unlock] [BEEEP|IS|PM-22254] Support IPC transport to desktop and browser flatpak, snap by quexten · Pull Request #14836 · bitwarden/clients · GitHub
I am on the default cloud hosted bitwarden.com from the US. I will for now at least continue using the AppImage as I would love to have the browser integration. I ran from the terminal with command ./bitwarden.appimage --no-sandbox %U &> ./log.txt and will attach the full log. The line that most stands out to me is 105 at the end since I closed the app right after attempting to enable biometrics.
22:55:55.875 › [SearchService]: index complete took 62.29999999701977 [ [ 'Items', 17 ] ]
22:56:04.074 › [Main Biometrics IPC Listener] setup failed Failed to set up polkit policy
22:56:04.129 › [NAPI] [INFO] desktop_core::password::password: OS keyring is_locked=false
Edit to attach the full log:
I don’t seem to be able to upload non images, so I will paste in the log here
22:55:43.232 › State version: 75
22:55:43.235 › Migrator MinVersionMigrator (to version 3) should migrate: false - up
22:55:43.235 › Migrator RemoveEverBeenUnlockedMigrator (to version 4) should migrate: false - up
22:55:43.235 › Migrator AddKeyTypeToOrgKeysMigrator (to version 5) should migrate: false - up
22:55:43.235 › Migrator RemoveLegacyEtmKeyMigrator (to version 6) should migrate: false - up
22:55:43.235 › Migrator MoveBiometricAutoPromptToAccount (to version 7) should migrate: false - up
22:55:43.235 › Migrator MoveStateVersionMigrator (to version 8) should migrate: false - up
22:55:43.235 › Migrator MoveBrowserSettingsToGlobal (to version 9) should migrate: false - up
22:55:43.235 › Migrator EverHadUserKeyMigrator (to version 10) should migrate: false - up
22:55:43.236 › Migrator OrganizationKeyMigrator (to version 11) should migrate: false - up
22:55:43.236 › Migrator MoveEnvironmentStateToProviders (to version 12) should migrate: false - up
22:55:43.236 › Migrator ProviderKeyMigrator (to version 13) should migrate: false - up
22:55:43.236 › Migrator MoveBiometricClientKeyHalfToStateProviders (to version 14) should migrate: false - up
22:55:43.236 › Migrator FolderMigrator (to version 15) should migrate: false - up
22:55:43.236 › Migrator LastSyncMigrator (to version 16) should migrate: false - up
22:55:43.236 › Migrator EnablePasskeysMigrator (to version 17) should migrate: false - up
22:55:43.236 › Migrator AutofillSettingsKeyMigrator (to version 18) should migrate: false - up
22:55:43.236 › Migrator RequirePasswordOnStartMigrator (to version 19) should migrate: false - up
22:55:43.236 › Migrator PrivateKeyMigrator (to version 20) should migrate: false - up
22:55:43.236 › Migrator CollectionMigrator (to version 21) should migrate: false - up
22:55:43.236 › Migrator CollapsedGroupingsMigrator (to version 22) should migrate: false - up
22:55:43.236 › Migrator MoveBiometricPromptsToStateProviders (to version 23) should migrate: false - up
22:55:43.236 › Migrator SmOnboardingTasksMigrator (to version 24) should migrate: false - up
22:55:43.236 › Migrator ClearClipboardDelayMigrator (to version 25) should migrate: false - up
22:55:43.236 › Migrator RevertLastSyncMigrator (to version 26) should migrate: false - up
22:55:43.236 › Migrator BadgeSettingsMigrator (to version 27) should migrate: false - up
22:55:43.237 › Migrator MoveBiometricUnlockToStateProviders (to version 28) should migrate: false - up
22:55:43.237 › Migrator UserNotificationSettingsKeyMigrator (to version 29) should migrate: false - up
22:55:43.237 › Migrator PolicyMigrator (to version 30) should migrate: false - up
22:55:43.237 › Migrator EnableContextMenuMigrator (to version 31) should migrate: false - up
22:55:43.237 › Migrator PreferredLanguageMigrator (to version 32) should migrate: false - up
22:55:43.237 › Migrator AppIdMigrator (to version 33) should migrate: false - up
22:55:43.237 › Migrator DomainSettingsMigrator (to version 34) should migrate: false - up
22:55:43.237 › Migrator MoveThemeToStateProviderMigrator (to version 35) should migrate: false - up
22:55:43.237 › Migrator VaultSettingsKeyMigrator (to version 36) should migrate: false - up
22:55:43.237 › Migrator AvatarColorMigrator (to version 37) should migrate: false - up
22:55:43.237 › Migrator TokenServiceStateProviderMigrator (to version 38) should migrate: false - up
22:55:43.237 › Migrator MoveBillingAccountProfileMigrator (to version 39) should migrate: false - up
22:55:43.237 › Migrator OrganizationMigrator (to version 40) should migrate: false - up
22:55:43.237 › Migrator EventCollectionMigrator (to version 41) should migrate: false - up
22:55:43.237 › Migrator EnableFaviconMigrator (to version 42) should migrate: false - up
22:55:43.237 › Migrator AutoConfirmFingerPrintsMigrator (to version 43) should migrate: false - up
22:55:43.237 › Migrator UserDecryptionOptionsMigrator (to version 44) should migrate: false - up
22:55:43.237 › Migrator MergeEnvironmentState (to version 45) should migrate: false - up
22:55:43.237 › Migrator DeleteBiometricPromptCancelledData (to version 46) should migrate: false - up
22:55:43.237 › Migrator MoveDesktopSettingsMigrator (to version 47) should migrate: false - up
22:55:43.237 › Migrator MoveDdgToStateProviderMigrator (to version 48) should migrate: false - up
22:55:43.237 › Migrator AccountServerConfigMigrator (to version 49) should migrate: false - up
22:55:43.237 › Migrator KeyConnectorMigrator (to version 50) should migrate: false - up
22:55:43.237 › Migrator RememberedEmailMigrator (to version 51) should migrate: false - up
22:55:43.237 › Migrator DeleteInstalledVersion (to version 52) should migrate: false - up
22:55:43.237 › Migrator DeviceTrustServiceStateProviderMigrator (to version 53) should migrate: false - up
22:55:43.238 › Migrator SendMigrator (to version 54) should migrate: false - up
22:55:43.238 › Migrator MoveMasterKeyStateToProviderMigrator (to version 55) should migrate: false - up
22:55:43.238 › Migrator AuthRequestMigrator (to version 56) should migrate: false - up
22:55:43.238 › Migrator CipherServiceMigrator (to version 57) should migrate: false - up
22:55:43.238 › Migrator RemoveRefreshTokenMigratedFlagMigrator (to version 58) should migrate: false - up
22:55:43.238 › Migrator KdfConfigMigrator (to version 59) should migrate: false - up
22:55:43.238 › Migrator KnownAccountsMigrator (to version 60) should migrate: false - up
22:55:43.238 › Migrator PinStateMigrator (to version 61) should migrate: false - up
22:55:43.238 › Migrator VaultTimeoutSettingsServiceStateProviderMigrator (to version 62) should migrate: false - up
22:55:43.238 › Migrator PasswordOptionsMigrator (to version 63) should migrate: false - up
22:55:43.238 › Migrator GeneratorHistoryMigrator (to version 64) should migrate: false - up
22:55:43.238 › Migrator ForwarderOptionsMigrator (to version 65) should migrate: false - up
22:55:43.238 › Migrator MoveFinalDesktopSettingsMigrator (to version 66) should migrate: false - up
22:55:43.238 › Migrator RemoveUnassignedItemsBannerDismissed (to version 67) should migrate: false - up
22:55:43.238 › Migrator MoveLastSyncDate (to version 68) should migrate: false - up
22:55:43.238 › Migrator MigrateIncorrectFolderKey (to version 69) should migrate: false - up
22:55:43.238 › Migrator RemoveAcBannersDismissed (to version 70) should migrate: false - up
22:55:43.238 › Migrator RemoveNewCustomizationOptionsCalloutDismissed (to version 71) should migrate: false - up
22:55:43.238 › Migrator RemoveAccountDeprovisioningBannerDismissed (to version 72) should migrate: false - up
22:55:43.238 › Migrator AddMasterPasswordUnlockData (to version 73) should migrate: false - up
22:55:43.238 › Migrator RemoveLegacyPin (to version 74) should migrate: false - up
22:55:43.238 › Migrator RemoveUserEncryptedPrivateKey (to version 75) should migrate: false - up
22:55:43.589 › [Process Isolation] Isolating process from debuggers and memory dumps
22:55:43.606 › [NAPI] [INFO] desktop_core::process_isolation::process_isolation: Disabling ptrace and memory access for main via PR_SET_DUMPABLE. pid=62684
22:55:43.613 › Coredumps are disabled in renderer process
22:55:43.865 › Native messaging server started at: /var/home/ilan/.cache/com.bitwarden.desktop/s.bw
22:55:43.881 › Chrome not found, skipping.
22:55:43.882 › Chromium not found, skipping.
22:55:43.882 › Microsoft Edge not found, skipping.
22:55:44.446 › [Native Messaging IPC] Browser integration fingerprint validation is disabled, untrusting all connected apps
Error occurred in handler for 'sshagent.clearkeys': Error: No handler registered for 'sshagent.clearkeys'
at Session.<anonymous> (node:electron/js2c/browser_init:2:107393)
at Session.emit (node:events:519:28)
22:55:44.449 › State version: 75
22:55:44.450 › Unhandled error in angular Error: Error invoking remote method 'sshagent.clearkeys': Error: No handler registered for 'sshagent.clearkeys'
22:55:44.466 › [NAPI] [INFO] desktop_core::password::password: falling back to get legacy Bitwarden_auto bc3b6e6f-9bd8-4b5b-b9cb-b35c00fd3fc7_user_auto
22:55:44.504 › Using SignalR for server notifications
22:55:44.768 › [SignalR] WebSocket connected to wss://notifications.bitwarden.com/hub?access_token=[REDACTED]
22:55:44.769 › [SignalR] Using HubProtocol 'messagepack'.
22:55:48.203 › [Pin Service] Pin-unlock via PinProtectedUserKeyEnvelope
22:55:48.492 › Failed to unseal pin: CryptoClientError: Wrong password
22:55:48.799 › Checking for update
22:55:48.957 › Update for version 2026.3.1 is not available (latest version: 2026.3.1, downgrade is disallowed).
22:55:55.348 › [Pin Service] Pin-unlock via PinProtectedUserKeyEnvelope
22:55:55.577 › [PinService]: UnsealPinEnvelope took 228.40000000223517 null
22:55:55.578 › Vault unlocked 2026-04-07T02:55:55.577Z
22:55:55.625 › [NAPI] [INFO] desktop_core::password::password: OS keyring is_locked=false
22:55:55.639 › [LockComponent] Private key regeneration took 0ms
22:55:55.759 › [EncryptedMigrationsScheduler] No migrations needed for user bc3b6e6f-9bd8-4b5b-b9cb-b35c00fd3fc7
22:55:55.809 › [CipherService]: decrypt complete took 29.5 [ [ 'Items', 17 ] ]
22:55:55.874 › [EncryptedMigrationsScheduler] No migrations needed for user bc3b6e6f-9bd8-4b5b-b9cb-b35c00fd3fc7
22:55:55.875 › [SearchService]: index complete took 62.29999999701977 [ [ 'Items', 17 ] ]
22:56:04.074 › [Main Biometrics IPC Listener] setup failed Failed to set up polkit policy
22:56:04.129 › [NAPI] [INFO] desktop_core::password::password: OS keyring is_locked=false
[62727:0406/225604.223041:ERROR:ui/gl/gl_surface_presentation_helper.cc:260] GetVSyncParametersIfAvailable() failed for 1 times!
[62727:0406/225607.028426:ERROR:ui/gl/gl_surface_presentation_helper.cc:260] GetVSyncParametersIfAvailable() failed for 2 times!
I’m now thinking it has to do with the atomic nature of Fedora Silverblue/Bluefin, like talked about in this issue and the ones it references.
These issues are all using flatpak, and I’m not sure how to get around it for the appimage, if the filename for the policy used is only for flatpak id, and if there are commands other than file creation necessary. Or of course if I’m just on the wrong track entirely
Thanks so much for your continued help by the way I really appreciate y’all!
Trying to manually place the file in a writable location doesn’t seem to work, enabling the use biometrics option still unchecks itself sadly