diff --git a/agent/actions/login.go b/agent/actions/login.go
index 1109b06..92134a7 100644
--- a/agent/actions/login.go
+++ b/agent/actions/login.go
@@ -34,7 +34,8 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
 	var masterKey crypto.MasterKey
 	var masterpasswordHash string
 
-	if secret, err := cfg.GetClientSecret(); err == nil && secret != "" {
+	var secret string // don't shadow err in the next line
+	if secret, err = cfg.GetClientSecret(); err == nil && secret != "" {
 		actionsLog.Info("Logging in with client secret")
 		token, masterKey, masterpasswordHash, err = bitwarden.LoginWithApiKey(ctx, req.Email, cfg, vault)
 	} else if req.Passwordless {
diff --git a/agent/vault/vault.go b/agent/vault/vault.go
index c0548e6..7dccc4b 100644
--- a/agent/vault/vault.go
+++ b/agent/vault/vault.go
@@ -149,9 +149,9 @@ func (vault *Vault) isSSHKey(cipher models.Cipher) bool {
 			cipherID := cipher.ID.String()
 			if cipher.OrganizationID != nil {
 				orgID := cipher.OrganizationID.String()
-				vaultLog.Error("Failed to decrypt field name with on cipher "+cipherID+" in organization "+orgID, err.Error())
+				vaultLog.Error("Failed to decrypt field name with on cipher %s in organization %s: %s", cipherID, orgID, err.Error())
 			} else {
-				vaultLog.Error("Failed to decrypt field name with on cipher "+cipherID, err.Error())
+				vaultLog.Error("Failed to decrypt field name with on cipher %s: %s", cipherID, err.Error())
 			}
 			continue
 		}