diff --git a/agent/actions/login.go b/agent/actions/login.go
index 1109b06..92134a7 100644
--- a/agent/actions/login.go
+++ b/agent/actions/login.go
@@ -34,7 +34,8 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
 	var masterKey crypto.MasterKey
 	var masterpasswordHash string
 
-	if secret, err := cfg.GetClientSecret(); err == nil && secret != "" {
+	var secret string // don't shadow err in the next line
+	if secret, err = cfg.GetClientSecret(); err == nil && secret != "" {
 		actionsLog.Info("Logging in with client secret")
 		token, masterKey, masterpasswordHash, err = bitwarden.LoginWithApiKey(ctx, req.Email, cfg, vault)
 	} else if req.Passwordless {