What does the “mac failed” error mean exactly? I am trying to use a Bitwarden account in an automated process so I log in on the host machine, create the BW_SESSION environment variable and give it to a container which runs my process. But this does not work as any bw command triggers a “mac failed” error.
Does this maybe mean that the session key cannot be used by the container because it has a different MAC address from the host machine?
Hello Pierre!
I am actually working on this issue currently for my company. So far, I have not resolved this but, I am able to recreate the issue by attempting in Powershell:
bw get organization $organization --session $sessionKey
This will only occur if I attempt this in two shells at the same time. For our CI, we sometimes authenticate with BitWarden and if they get to this portion at the same time, it will fail with a MAC Failed error.
I will respond should I find a resolution. Hopefully, someone from BitWarden will beat me to the punch!
Hello Robert,
Thanks for your response, much appreciated!
I have spent a fair amount of time on this, and in the end I did manage to dig quite deep and address almost all my issues. Someone from Bitwarden support explained that the “mac failed” error had nothing to do with a MAC address and that “mac” here meant Message Authentication Code. The error message would make more sense if the acronym were replaced by its definition actually.
After reading various parts of the Bitwarden documentation, I found this section which helped me figure things out, and more specifically this:
Data that is stored on your computer/device is also encrypted and only decrypted when you unlock your Vault. Vault data can be found in the following locations based on the client application in use…
So the session key goes hand in hand with this vault data, which is a json file containing all the Bitwarden account information but on an encrypted basis. The session key seems to act like a private key that can de-crypt everything.
From this point on, everything made a lot more sense to me.
I am now trying to understand how to use Duo as the 2-step method. Certain processes can be automated if all one needs to do is push a button on a phone.
I hope this helps.
Pierre
Hello @boundless,
I still get a “mac failed” error from time to time, but in my experience it will go away by using one of these workarounds:
bw logout and then bw login
data.json[^1] always worksWhat is harder to figure out is what triggered the “mac failed” error. Here are a few culprits which caused me a few problems:
data.json file[^1]: as per my prior comment, this section explains where data.json is stored
@boundless and @mical , The way I solved this for now (a workaround) is that I utilized ubuntu 21.04. If you use the latest Ubuntu you get the error.
Many thanks @Robert_Lowstetter. I have not upgraded to 21.04 yet but I have experienced this problem under Windows, WSL and Ubuntu 20.04. I’ll add to this post if I observe anything else of interest.
Thanks @Robert_Lowstetter but I’m seeing this on Mac and Ubuntu 20.04. I can’t upgrade Ubuntu just yet, but it won’t help the Mac anyway.
FWIW, I had the message coming up on the BW CLI today as I was writing a backup script. It was odd because it was just refusing my SESSION_ID variable and forcing me to enter my password instead, but once I did it would work again. This was on MacOS Monterey.
In nodejs v18, while using the npm version, I received the following message
npm WARN deprecated [email protected]: Use your platform’s native performance.now() and performance.timeOrigin.
DEPRECATED problem and got it as a binary (2023.2.0),
I get a “mac failed” error and it asks for the master password again.
Please fix the mac failed in the binary version,
fix the deprecated issue in the npm version.
Either way, please fix it.
thank you.