Lost passkey (on vault sync?) #1828

New Issue

Closed

opened 2026-02-05 01:55:35 +03:00 by OVERLORD · 5 comments

OVERLORD commented 2026-02-05 01:55:35 +03:00

Owner

Copy Link

Originally created by @freekvh on GitHub (Jan 25, 2024).

Subject of the issue

Lost a passkey after it worked a while in the BitWarden FireFox extension

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.30.1
• Web-vault version: v2023.10.0
• OS/Arch: linux/x86_64
• Running within Docker: true (Base: Debian)
• Environment settings overridden: false
• Uses a reverse proxy: true
• IP Header check: false (X-Forwarded-For)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.44.0
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**********",
  "domain_origin": "*****://**********",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

• vaultwarden version: 1.30.1

• Install method: docker-composer

• Clients used: Firefxox extension and iOS app

• Reverse proxy and version:

• MySQL/MariaDB or PostgreSQL version:

• Other relevant details:

Steps to reproduce

Accept a passkey, it will work for some time, then it will stop working (the FF extension will start asking you to scan QR code to provide a key from another device.

Expected behaviour

I expected that it would keep working. I now realize there is no support, I just didn't stop to think about it. My questions thus is: Is there a way to retreive the lost passkey?

Actual behaviour

It worked for a while (a couple of log ins), then stopped working

Troubleshooting data

Originally created by @freekvh on GitHub (Jan 25, 2024). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue Lost a passkey after it worked a while in the BitWarden FireFox extension ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.30.1 * Web-vault version: v2023.10.0 * OS/Arch: linux/x86_64 * Running within Docker: true (Base: Debian) * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: false (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.44.0 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://**********", "domain_origin": "*****://**********", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "", "smtp_from_name": "Vaultwarden", "smtp_host": null, "smtp_password": null, "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": null, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: 1.30.1 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: docker-composer * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> Firefxox extension and iOS app * Reverse proxy and version: <!-- if applicable --> * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> * Other relevant details: ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> Accept a passkey, it will work for some time, then it will stop working (the FF extension will start asking you to scan QR code to provide a key from another device. ### Expected behaviour I expected that it would keep working. I now realize there is no support, I just didn't stop to think about it. **My questions thus is: Is there a way to retreive the lost passkey?** ### Actual behaviour It worked for a while (a couple of log ins), then stopped working ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data -->

OVERLORD closed this issue 2026-02-05 01:55:37 +03:00

OVERLORD commented 2026-02-05 01:55:41 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jan 25, 2024):

That would be strange. There is no difference in a normal password or passkey in regards to how it is stored in the database used by Vaultwarden.

What could be is that your Extension isn't able to sync with the server.
Try to force a manual sync via the menu.
Settings > Sync > Sync vault now

If that doesn't work, or generates an error, logout of the extension (not locking), and login again.
That should solve your problems.

@BlackDex commented on GitHub (Jan 25, 2024): That would be strange. There is no difference in a normal password or passkey in regards to how it is stored in the database used by Vaultwarden. What could be is that your Extension isn't able to sync with the server. Try to force a manual sync via the menu. _Settings_ > _Sync_ > _Sync vault now_ If that doesn't work, or generates an error, logout of the extension (not locking), and login again. That should solve your problems.

OVERLORD commented 2026-02-05 01:55:46 +03:00

Author

Owner

Copy Link

@freekvh commented on GitHub (Jan 25, 2024):

What happens is that where the BitWarden extension would first show me a pop up where I click to login in, using the passkey, now it comes up with a QR code:

When I scan this with my iPhone it tells me it is looking for another device on Bluetooth... Then times out.

I do have a passkey for this website:

Btw, this is on chromium, on Firefox (my default), nothing happens when I click "log in with passkey" on the website.

@freekvh commented on GitHub (Jan 25, 2024): What happens is that where the BitWarden extension would first show me a pop up where I click to login in, using the passkey, now it comes up with a QR code:  When I scan this with my iPhone it tells me it is looking for another device on Bluetooth... Then times out. I do have a passkey for this website:  Btw, this is on chromium, on Firefox (my default), nothing happens when I click "log in with passkey" on the website.

OVERLORD commented 2026-02-05 01:55:49 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jan 25, 2024):

This seems like a client side issue then, and nothing we can fix.
As you stated the passkey is there.
Also verify if your mobile client can sync by manually sync the vault.

And, try to test it on passkeys.io, it tested this yesterday, and that works just fine.

@BlackDex commented on GitHub (Jan 25, 2024): This seems like a client side issue then, and nothing we can fix. As you stated the passkey is there. Also verify if your mobile client can sync by manually sync the vault. And, try to test it on passkeys.io, it tested this yesterday, and that works just fine.

OVERLORD commented 2026-02-05 01:55:54 +03:00

Author

Owner

Copy Link

@freekvh commented on GitHub (Jan 25, 2024):

Ah, I just fixed it by, I deleted .config/chromium, which reset everything. And then I got the option to use passkey again. Apologies, I didn't think to try this before.

I'll stay away from passkeys from now, since the iOS app also does not support it anyway.... Thanx for the help.

@freekvh commented on GitHub (Jan 25, 2024): Ah, I just fixed it by, I deleted .config/chromium, which reset everything. And then I got the option to use passkey again. Apologies, I didn't think to try this before. I'll stay away from passkeys from now, since the iOS app also does not support it anyway.... Thanx for the help.

OVERLORD commented 2026-02-05 01:55:59 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jan 25, 2024):

Nice that it is resolved.
Only browser extensions support this currently, no other client platform.

En graag gedaan!

@BlackDex commented on GitHub (Jan 25, 2024): Nice that it is resolved. Only browser extensions support this currently, no other client platform. En graag gedaan!

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1828