Regenerate encryption keys and re-encrypt Devolutions Cloud

Encryption keys in Devolutions Cloud can be regenerated, and all sensitive data re-encrypted, directly from the web interface. Depending on the amount of data, this process can take anywhere from a few minutes to several hours. Devolutions Cloud is unavailable for the duration of the rekeying operation.

The rekeying process is identical for both Devolutions Cloud and Devolutions Cloud Free. For additional details specific to Devolutions Cloud, see Further considerations regarding Devolutions Cloud.

It is recommended to plan a maintenance window and inform users of the downtime in advance.

Before rekeying...

  • Back up your vaults by exporting their content from the Help & tools menu.

  • Ensure that Remote Desktop Manager and Devolutions Server are updated to the same major version as Devolutions Cloud.

  • Remove the Devolutions Cloud workspace from Remote Desktop Manager and Devolutions Password Manager. This prevents the previous encryption key from being reused after rekeying, which could lead to data corruption.

    • Remote Desktop Manager: Navigate to File > Workspaces, select your Devolutions Cloud workspace, and click on the Delete workspace (trash can) button.

    • Devolutions Password Manager (desktop): Mouse-over the Devolutions Cloud icon in the lateral menu, then hover over your account and click the Log out button.

    • Devolutions Password Manager (mobile): In the Active workspaces section, long-press your Devolutions Cloud workspace, and press on Log out.

    • Devolutions Password Manager browser extension: Click the Devolutions Password Manager icon, then on the workspace selection icon in the top left, and select Manage workspaces from the dropdown menu. Click the More button (vertical ellipsis icon) next to the Devolutions Cloud workspace to disconnect, and click on Disable.

Further considerations regarding Devolutions Cloud

In Devolutions Cloud, only the owner can initiate a rekeying operation. During this process, the Devolutions Cloud instance is locked and unavailable to all other users.

For instances containing a large number of vaults, the PowerShell script method can be used to easily export all the vaults. Enable Can access user vaults on the application identity to back up user vaults.

After the rekeying operation is complete, the following applies:

  • Application identities will be disabled until regenerated.

  • Application services and PowerShell scripts will need to be updated to use the newly generated credentials.

  • Users will be automatically reinvited with their states updated in Administration > Users.

Rekeying Devolutions Cloud

Make sure you have a stable Internet connection, disable any VPNs, and leave your browser open and your computer on throughout the operation.

  1. As the Devolutions Cloud owner, go to Administration > System settings, then select the Danger zone tab.

  2. Click Rekey to start the process.

Devolutions Cloud will reload automatically once the operation is completed. A prompt will appear to generate a recovery key. It is important to download the new recovery key as the previous ones are no longer valid.

Repair entries with invalid encryption

If a user account becomes corrupted due to a mismatch with the current Devolutions Cloud key, follow the same procedure described previously in Rekeying Devolutions Cloud, but select the Repair option instead of Rekey.
