From af9b72717c14be93d07582020bef776eaaa81e4c Mon Sep 17 00:00:00 2001
From: Vault Automation <github-team-secure-vault-core@hashicorp.com>
Date: Wed, 13 May 2026 15:18:14 -0600
Subject: [PATCH] Backport Detect errors when writing totp keys to storage into
 release/2.x.x+ent into ce/release/2.x.x (#14786)

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
---
 changelog/_14778.txt | 3 +++
 vault/login_mfa.go   | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 changelog/_14778.txt

diff --git a/changelog/_14778.txt b/changelog/_14778.txt
new file mode 100644
index 0000000000..804511a9aa
--- /dev/null
+++ b/changelog/_14778.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Fix failure to detect errors during storage writes of totp keys.
+```
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index b17ff938c0..3fd4de76ff 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
@@ -1097,13 +1097,13 @@ func (c *Core) PersistTOTPKey(ctx context.Context, methodID, entityID, key strin
 	}
 	val, err := jsonutil.EncodeJSON(ks)
 	if err != nil {
-		return err
+		return fmt.Errorf("error encoding TOTP key: %w", err)
 	}
-	if c.barrier.Put(ctx, &logical.StorageEntry{
+	if err := c.barrier.Put(ctx, &logical.StorageEntry{
 		Key:   fmt.Sprintf("%s%s/%s", mfaTOTPKeysPrefix, methodID, entityID),
 		Value: val,
 	}); err != nil {
-		return err
+		return fmt.Errorf("error persisting TOTP key to storage: %w", err)
 	}
 	return nil
 }