What does the “mac failed” error mean exactly? I am trying to use a Bitwarden account in an automated process so I log in on the host machine, create the BW_SESSION environment variable and give it to a container which runs my process. But this does not work as any bw command triggers a “mac failed” error.
Does this maybe mean that the session key cannot be used by the container because it has a different MAC address from the host machine?
I am actually working on this issue currently for my company. So far, I have not resolved this, but I am able to recreate the issue by attempting in PowerShell:
bw get organization $organization --session $sessionKey
This will only occur if I attempt this in two shells at the same time. For our CI, we sometimes authenticate with Bitwarden and if they get to this portion at the same time, it will fail with a MAC Failed error.
I will respond should I find a resolution. Hopefully, someone from Bitwarden will beat me to the punch!
I have spent a fair amount of time on this, and in the end I did manage to dig quite deep and address almost all my issues. Someone from Bitwarden support explained that the “mac failed” error had nothing to do with a MAC address and that “mac” here meant Message Authentication Code. The error message would make more sense if the acronym were replaced by its definition actually.
After reading various parts of the Bitwarden documentation, I found this section which helped me figure things out, and more specifically this: “Data that is stored on your computer/device is also encrypted and only decrypted when you unlock your Vault. Vault data can be found in the following locations based on the client application in use…”
So the session key goes hand in hand with this vault data, which is a JSON file containing all the Bitwarden account information but on an encrypted basis. The session key seems to act like a private key that can decrypt everything.
From this point on, everything made a lot more sense to me.
I am now trying to understand how to use Duo as the 2-step method. Certain processes can be automated if all one needs to do is push a button on a phone.
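A simplified model of the relationship described in the post above (a session key paired with locally stored encrypted data, checked with a Message Authentication Code), added here as an example; it is not Bitwarden's code or file format. The 64-byte key split into two halves, the toy keystream cipher, the sample data and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def keystream(enc_key: bytes, iv: bytes, n: int) -> bytes:
    """Toy SHA-256 counter keystream; a stand-in for a real cipher (assumption)."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(enc_key + iv + counter.to_bytes(4, "big")).digest()
    return out[:n]

def protect(session_key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC: encrypt with one key half, tag iv+ciphertext with the other."""
    enc_key, mac_key = session_key[:32], session_key[32:]  # assumed 64-byte layout
    iv = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, iv, len(plaintext))))
    return {"iv": iv, "ct": ct, "mac": hmac.new(mac_key, iv + ct, hashlib.sha256).digest()}

def unprotect(session_key: bytes, blob: dict) -> bytes:
    """Verify the MAC before decrypting; any key/data mismatch stops here."""
    enc_key, mac_key = session_key[:32], session_key[32:]
    expected = hmac.new(mac_key, blob["iv"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["mac"]):
        raise ValueError("mac failed")
    ks = keystream(enc_key, blob["iv"], len(blob["ct"]))
    return bytes(c ^ k for c, k in zip(blob["ct"], ks))

def status(session_key: bytes, blob: dict) -> str:
    """Return "ok" or the error text instead of raising, for easy comparison."""
    try:
        unprotect(session_key, blob)
        return "ok"
    except ValueError as exc:
        return str(exc)

def demo() -> dict:
    secret = b'{"vault": "constructed sample data"}'  # constructed sample
    host_key, other_key = os.urandom(64), os.urandom(64)
    host_data = protect(host_key, secret)    # data written by the unlock that issued host_key
    other_data = protect(other_key, secret)  # data written by a different unlock
    tampered = dict(host_data, ct=host_data["ct"][:-1] + bytes([host_data["ct"][-1] ^ 1]))
    return {
        "host key + host data": status(host_key, host_data),
        "host key + other data": status(host_key, other_data),
        "host key + modified data": status(host_key, tampered),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this model the key only verifies against the exact data it was issued with, which is why the check is about key and data matching and has nothing to do with a network MAC address.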
FWIW, I had the message coming up on the BW CLI today as I was writing a backup script. It was odd because it was just refusing my SESSION_ID variable and forcing me to enter my password instead, but once I did it would work again. This was on macOS Monterey.
In Node.js v18, while using the npm version, I received the following message:
npm WARN deprecated [email protected]: Use your platform’s native performance.now() and performance.timeOrigin.
DEPRECATED problem and got it as a binary (2023.2.0),
I get a “mac failed” error and it asks for the master password again.
Please fix the mac failed in the binary version,
fix the deprecated issue in the npm version.
Either way, please fix it.