diff --git a/internal/cli/app.go b/internal/cli/app.go
index 4566a41..38d535e 100644
--- a/internal/cli/app.go
+++ b/internal/cli/app.go
@@ -687,10 +687,7 @@ func mapAppError(err error) error {
 	case errors.Is(err, mcpserver.ErrCredentialsNotConfigured):
 		return newUserFacingError("credentials not configured; run `email-mcp setup`", err)
 	case errors.Is(err, frameworksecretstore.ErrBackendUnavailable):
-		return newUserFacingError(
-			fmt.Sprintf("%s is not available; configure the declared secret backend and retry", frameworksecretstore.BackendName()),
-			err,
-		)
+		return newUserFacingError(strings.TrimSpace(err.Error()), err)
 	case errors.Is(err, frameworksecretstore.ErrReadOnly):
 		return newUserFacingError("secret backend is read-only", err)
 	default:
diff --git a/internal/cli/app_test.go b/internal/cli/app_test.go
index 95d7a54..1b7d380 100644
--- a/internal/cli/app_test.go
+++ b/internal/cli/app_test.go
@@ -1210,6 +1210,23 @@ func TestMapAppErrorMapsUnavailableSecretBackendError(t *testing.T) {
 	}
 }
 
+func TestMapAppErrorPreservesBitwardenBackendDetails(t *testing.T) {
+	err := mapAppError(fmt.Errorf(
+		"cannot use bitwarden CLI command %q right now: %w",
+		"bw",
+		errors.Join(frameworksecretstore.ErrBackendUnavailable, frameworksecretstore.ErrBWLocked),
+	))
+	if err == nil {
+		t.Fatal("expected mapped error")
+	}
+	if !strings.Contains(strings.ToLower(err.Error()), "bitwarden") {
+		t.Fatalf("expected bitwarden guidance, got %v", err)
+	}
+	if strings.Contains(strings.ToLower(err.Error()), "secret service") || strings.Contains(strings.ToLower(err.Error()), "kwallet") {
+		t.Fatalf("unexpected keyring guidance: %v", err)
+	}
+}
+
 func TestExecuteSetupWritesMappedErrorAndReturnsExitCodeOne(t *testing.T) {
 	app := NewAppWithDependencies(
 		&configPrompterStub{},