diff --git a/config_builder.go b/config_builder.go
index a2ae613eb5..2be57717e2 100644
--- a/config_builder.go
+++ b/config_builder.go
@@ -97,7 +97,7 @@ type WalletConfigBuilder interface {
 	BuildWalletConfig(context.Context, *DatabaseInstances,
 		*rpcperms.InterceptorChain,
 		[]*ListenerWithSignal) (*chainreg.PartialChainControl,
-		*btcwallet.Config, func(), error)
+		*btcwallet.Config, func(), []byte, error)
 }
 
 // ChainControlBuilder is an interface that must be satisfied by a custom wallet
@@ -220,7 +220,7 @@ func (d *DefaultWalletImpl) Permissions() map[string][]bakery.Op {
 func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 	dbs *DatabaseInstances, interceptorChain *rpcperms.InterceptorChain,
 	grpcListeners []*ListenerWithSignal) (*chainreg.PartialChainControl,
-	*btcwallet.Config, func(), error) {
+	*btcwallet.Config, func(), []byte, error) {
 
 	// Keep track of our various cleanup functions. We use a defer function
 	// as well to not repeat ourselves with every return statement.
@@ -262,7 +262,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 			err := fmt.Errorf("unable to initialize neutrino "+
 				"backend: %v", err)
 			d.logger.Error(err)
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 		cleanUpTasks = append(cleanUpTasks, neutrinoCleanUp)
 		neutrinoCS = neutrinoBackend
@@ -287,7 +287,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 	d.pwService.SetMacaroonDB(dbs.MacaroonDB)
 	walletExists, err := d.pwService.WalletExists()
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 
 	if !walletExists {
@@ -304,7 +304,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 	if d.cfg.WalletUnlockPasswordFile != "" && !walletExists &&
 		!d.cfg.WalletUnlockAllowCreate {
 
-		return nil, nil, nil, fmt.Errorf("wallet unlock password file " +
+		return nil, nil, nil, nil, fmt.Errorf("wallet unlock password file " +
 			"was specified but wallet does not exist; initialize " +
 			"the wallet before using auto unlocking")
 	}
@@ -323,7 +323,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 			"password provided in file")
 		pwBytes, err := ioutil.ReadFile(d.cfg.WalletUnlockPasswordFile)
 		if err != nil {
-			return nil, nil, nil, fmt.Errorf("error reading "+
+			return nil, nil, nil, nil, fmt.Errorf("error reading "+
 				"password from file %s: %v",
 				d.cfg.WalletUnlockPasswordFile, err)
 		}
@@ -339,7 +339,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 			pwBytes, 0,
 		)
 		if err != nil {
-			return nil, nil, nil, fmt.Errorf("error unlocking "+
+			return nil, nil, nil, nil, fmt.Errorf("error unlocking "+
 				"wallet with password from file: %v", err)
 		}
 
@@ -360,7 +360,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 	// over RPC.
 	default:
 		if err := d.interceptor.Notifier.NotifyReady(false); err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 
 		params, err := waitForWalletPassword(
@@ -371,7 +371,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 			err := fmt.Errorf("unable to set up wallet password "+
 				"listeners: %v", err)
 			d.logger.Error(err)
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 
 		walletInitParams = *params
@@ -391,7 +391,10 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 		}
 	}
 
-	var macaroonService *macaroons.Service
+	var (
+		macaroonService *macaroons.Service
+		adminMacBytes []byte
+	)
 	if !d.cfg.NoMacaroons {
 		// Create the macaroon authentication/authorization service.
 		macaroonService, err = macaroons.NewService(
@@ -403,7 +406,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 			err := fmt.Errorf("unable to set up macaroon "+
 				"authentication: %v", err)
 			d.logger.Error(err)
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 		cleanUpTasks = append(cleanUpTasks, func() {
 			if err := macaroonService.Close(); err != nil {
@@ -419,7 +422,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 		if err != nil && err != macaroons.ErrAlreadyUnlocked {
 			err := fmt.Errorf("unable to unlock macaroons: %v", err)
 			d.logger.Error(err)
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 
 		// In case we actually needed to unlock the wallet, we now need
@@ -428,11 +431,11 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 		// backup mode, there's nobody listening on the channel and we'd
 		// block here forever.
 		if !d.cfg.NoSeedBackup {
-			adminMacBytes, err := bakeMacaroon(
+			adminMacBytes, err = bakeMacaroon(
 				ctx, macaroonService, adminPermissions(),
 			)
 			if err != nil {
-				return nil, nil, nil, err
+				return nil, nil, nil, nil, err
 			}
 
 			// The channel is buffered by one element so writing
@@ -463,7 +466,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 				err := fmt.Errorf("unable to create macaroons "+
 					"%v", err)
 				d.logger.Error(err)
-				return nil, nil, nil, err
+				return nil, nil, nil, nil, err
 			}
 		}
 
@@ -555,7 +558,7 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 		err := fmt.Errorf("unable to create partial chain control: %v",
 			err)
 		d.logger.Error(err)
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 
 	walletConfig := &btcwallet.Config{
@@ -580,12 +583,12 @@ func (d *DefaultWalletImpl) BuildWalletConfig(ctx context.Context,
 		walletConfig.CoinSelectionStrategy = wallet.CoinSelectionRandom
 
 	default:
-		return nil, nil, nil, fmt.Errorf("unknown coin selection "+
+		return nil, nil, nil, nil, fmt.Errorf("unknown coin selection "+
 			"strategy %v", d.cfg.CoinSelectionStrategy)
 	}
 
 	earlyExit = false
-	return partialChainControl, walletConfig, cleanUp, nil
+	return partialChainControl, walletConfig, cleanUp, adminMacBytes, nil
 }
 
 // BuildChainControl is responsible for creating a fully populated chain
diff --git a/lnd.go b/lnd.go
index 86ab9ab970..92359ca998 100644
--- a/lnd.go
+++ b/lnd.go
@@ -73,7 +73,9 @@ const (
 //
 // NOTE: This should only be called after the RPCListener has signaled it is
 // ready.
-func AdminAuthOptions(cfg *Config, skipMacaroons, insecure bool) ([]grpc.DialOption, error) {
+func AdminAuthOptions(cfg *Config, skipMacaroons, insecure bool,
+	macBytes []byte) ([]grpc.DialOption, error) {
+
 	var (
 		creds credentials.TransportCredentials
 		err error
@@ -98,11 +100,14 @@ func AdminAuthOptions(cfg *Config, skipMacaroons, insecure bool) ([]grpc.DialOpt
 
 	// Get the admin macaroon if macaroons are active.
 	if !skipMacaroons && !cfg.NoMacaroons {
-		// Load the adming macaroon file.
-		macBytes, err := ioutil.ReadFile(cfg.AdminMacPath)
-		if err != nil {
-			return nil, fmt.Errorf("unable to read macaroon "+
-				"path (check the network setting!): %v", err)
+		// If we sent the macaroon bytes, don't read it from disk.
+		if macBytes == nil {
+			// Load the adming macaroon file.
+			macBytes, err = ioutil.ReadFile(cfg.AdminMacPath)
+			if err != nil {
+				return nil, fmt.Errorf("unable to read macaroon "+
+					"path (check the network setting!): %v", err)
+			}
 		}
 
 		mac := &macaroon.Macaroon{}
@@ -386,7 +391,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, implCfg *ImplementationCfg,
 
 	defer cleanUp()
 
-	partialChainControl, walletConfig, cleanUp, err := implCfg.BuildWalletConfig(
+	partialChainControl, walletConfig, cleanUp, mac, err := implCfg.BuildWalletConfig(
 		ctx, dbs, interceptorChain, grpcListeners,
 	)
 	if err != nil {
@@ -671,7 +676,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, implCfg *ImplementationCfg,
 		bestHeight)
 
 	if cfg.SidecarAcceptor {
-		acceptor, err := StartSidecarAcceptor(cfg)
+		acceptor, err := StartSidecarAcceptor(cfg, mac)
 		if err != nil {
 			ltndLog.Error(err)
 			return err
diff --git a/start_sidecar.go b/start_sidecar.go
index 624b162208..a8a62a6c52 100644
--- a/start_sidecar.go
+++ b/start_sidecar.go
@@ -2,6 +2,7 @@ package lnd
 
 import (
 	"context"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"time"
@@ -18,13 +19,13 @@ import (
 	"google.golang.org/grpc"
 )
 
-func StartSidecarAcceptor(cfg *Config) (*acceptor.SidecarAcceptor, error) {
-	opts, err := AdminAuthOptions(cfg, false, true)
+func StartSidecarAcceptor(cfg *Config, macBytes []byte) (*acceptor.SidecarAcceptor, error) {
+	opts, err := AdminAuthOptions(cfg, false, true, macBytes)
 	if err != nil {
 		return nil, err
 	}
 
-	host := cfg.RPCListeners[0].String()
+	host := "127.0.0.1:10009"
 	conn, err := grpc.Dial(host, opts...)
 	if err != nil {
 		return nil, fmt.Errorf("unable to connect to RPC server: %v", err)
@@ -42,7 +43,8 @@ func StartSidecarAcceptor(cfg *Config) (*acceptor.SidecarAcceptor, error) {
 		LndAddress:            host,
 		Network:               network,
 		TLSPath:               cfg.TLSCertPath,
-		CustomMacaroonPath:    cfg.AdminMacPath,
+		Insecure:              true,
+		CustomMacaroonHex:     hex.EncodeToString(macBytes),
 		BlockUntilChainSynced: false,
 		BlockUntilUnlocked:    true,
 		CallerCtx:             ctxc,