diff --git a/internal/app/vault.go b/internal/app/vault.go
index eaa2b310..8ec90f74 100644
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@@ -106,8 +106,12 @@ func loadVaultKey(vaultDir string, keychains *keychain.List) ([]byte, error) {
 key, err := vault.GetVaultKey(kc)
 if err != nil {
- logrus.WithError(err).Warn("Not possible to retrieve vault key, generating new")
- return vault.NewVaultKey(kc)
+ if keychain.IsErrKeychainNoItem(err) {
+ logrus.WithError(err).Warn("no vault key found, generating new")
+ return vault.NewVaultKey(kc)
+ }
+
+ return nil, fmt.Errorf("could not check for vault key: %w", err)
 }
 return key, nil
diff --git a/pkg/keychain/helper_darwin.go b/pkg/keychain/helper_darwin.go
index 2ae834a7..5d9147fd 100644
--- a/pkg/keychain/helper_darwin.go
+++ b/pkg/keychain/helper_darwin.go
@@ -125,7 +125,7 @@ func (h *macOSHelper) Get(secretURL string) (string, string, error) {
 }
 if len(results) == 0 {
- return "", "", errors.New("no result")
+ return "", "", ErrKeychainNoItem
 }
 if len(results) != 1 {
diff --git a/pkg/keychain/helper_dbus_linux.go b/pkg/keychain/helper_dbus_linux.go
index cf85c91a..8218d21b 100644
--- a/pkg/keychain/helper_dbus_linux.go
+++ b/pkg/keychain/helper_dbus_linux.go
@@ -168,10 +168,14 @@ func (s *SecretServiceDBusHelper) Get(serverURL string) (string, string, error)
 serverAtt: serverURL,
 })
- if len(items) == 0 || err != nil {
+ if err != nil {
 return "", "", err
 }
+ if len(items) == 0 {
+ return "", "", ErrKeychainNoItem
+ }
+
 item := items[0]
 attributes, err := service.GetAttributes(item)
diff --git a/pkg/keychain/keychain.go b/pkg/keychain/keychain.go
index c8656294..21f276b5 100644
--- a/pkg/keychain/keychain.go
+++ b/pkg/keychain/keychain.go
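Review bot: In `loadVaultKey` (internal/app/vault.go) the new branch carries no comment saying why only the no-item case may create a key, and that is the invariant this hunk protects: a keychain that fails for any other reason must not lead to a fresh key being generated, presumably in place of the stored one. I would add above the inner `if`: `// Generate a key only when the keychain confirms none is stored; on any other failure return the error rather than replace an existing key.` The function starts before the hunk, so how `kc` is selected is not visible here.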
@@ -41,8 +41,14 @@ var (
 // ErrMacKeychainRebuild is returned on macOS with blocked or corrupted keychain.
 ErrMacKeychainRebuild = errors.New("keychain error -25293")
+
+ ErrKeychainNoItem = errors.New("no such keychain item")
 )
+func IsErrKeychainNoItem(err error) bool {
+ return errors.Is(err, ErrKeychainNoItem) || credentials.IsErrCredentialsNotFound(err)
+}
+
 type Helpers map[string]helperConstructor
 type List struct {
@@ -173,7 +179,16 @@ func (kc *Keychain) Get(userID string) (string, string, error) {
 kc.locker.Lock()
 defer kc.locker.Unlock()
- return kc.helper.Get(kc.secretURL(userID))
+ id, key, err := kc.helper.Get(kc.secretURL(userID))
+ if err != nil {
+ return id, key, err
+ }
+
+ if key == "" {
+ return id, key, ErrKeychainNoItem
+ }
+
+ return id, key, err
 }
 func (kc *Keychain) Put(userID, secret string) error {
diff --git a/pkg/keychain/keychain_test.go b/pkg/keychain/keychain_test.go
index 22855bdd..becbb4d3 100644
--- a/pkg/keychain/keychain_test.go
+++ b/pkg/keychain/keychain_test.go
@@ -114,3 +114,16 @@ func TestInsertReadRemove(t *testing.T) {
 require.NotContains(t, actualList, id)
 }
 }
+
+func TestIsErrKeychainNoItem(t *testing.T) {
+ r := require.New(t)
+ helpers := NewList().GetHelpers()
+
+ for helperName := range helpers {
+ kc, err := NewKeychain(helperName, "bridge-test", helpers, helperName)
+ r.NoError(err)
+
+ _, _, err = kc.Get("non-existing")
+ r.True(IsErrKeychainNoItem(err), "failed for %s with error %w", helperName, err)
+ }
+}
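Review bot: The two exported names added in the first keychain.go hunk, `ErrKeychainNoItem` and `IsErrKeychainNoItem`, have no doc comments, while `ErrMacKeychainRebuild` directly above has one. Suggested: `// ErrKeychainNoItem is returned when the keychain holds no item for the requested secret URL.` and `// IsErrKeychainNoItem reports whether err means the item is absent, either as ErrKeychainNoItem or as the credentials package's not-found error.` Because `loadVaultKey` uses this predicate to decide whether to generate a new vault key, the comment should also say that callers treat a true result as permission to create the item.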
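Review bot: The `key == ""` branch in `Keychain.Get` returns `ErrKeychainNoItem` for an item whose helper returned an empty secret with a nil error, and `loadVaultKey` treats that error as the signal to call `vault.NewVaultKey`. If any helper can return an empty secret for a reason other than absence, that path would generate a new vault key although one is stored. Whether that can happen is not visible here, so either confirm it per helper or add a comment stating why empty means absent. Separately, the final `return id, key, err` only runs with `err == nil`; `return id, key, nil` says so directly.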
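Review bot: The failure message passed to `r.True` in `TestIsErrKeychainNoItem` uses `%w`, which only `fmt.Errorf` understands; in an ordinary format call it renders as `%!w(...)`, so a failing run would not print the error readably. Use `%v`: `r.True(IsErrKeychainNoItem(err), "failed for %s with error %v", helperName, err)`. The loop also calls `kc.Get` on every helper returned by `NewList().GetHelpers()`, which presumably means the real keychain backends of the test host; a short comment saying so would help whoever runs it in CI.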