> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/cloud/knowledge-base/how-to-articles/regenerate-encryption-keys-and-re-encrypt-devolutions-cloud.md). # Regenerate encryption keys and re-encrypt Devolutions Cloud Encryption keys in Devolutions Cloud can be regenerated, and all sensitive data re-encrypted, directly from the web interface. Depending on the amount of data, this process can take anywhere from a few minutes to several hours. Devolutions Cloud is unavailable for the duration of the rekeying operation. The rekeying process is identical for both Devolutions Cloud and Devolutions Cloud Free. For additional details specific to Devolutions Cloud, see the *Further considerations regarding Devolutions Cloud* section below. {% hint style="success" %} It is recommended to plan a maintenance window informing users of the downtime. {% endhint %} ### Before rekeying... * Back up your vaults by [exporting their content](https://docs.devolutions.net/cloud/web-interface/tools/export/json-export-type/) from the ***Help & tools*** menu. * Ensure that Remote Desktop Manager are updated to the same major version as Devolutions Cloud. * Remove the Devolutions Cloud workspace from Remote Desktop Manager and Devolutions Password Manager. This prevents the previous encryption key from being reused after rekeying, which could lead to data corruption. * Remote Desktop Manager: Navigate to ***File*** – ***Workspaces***, select your Devolutions Cloud workspace, and click on the ***Delete workspace*** (trash can) button. * Devolutions Password Manager (desktop): Mouse-over the Devolutions Cloud icon in the lateral menu, then hover over your account and click the ***Log out*** button. * Devolutions Password Manager (mobile): In the ***Active workspaces*** section, long-press your Devolutions Cloud workspace, and press on ***Log out***. * Devolutions Password Manager browser extension: Click the Devolutions Password Manager icon, then on the workspace selection icon in the top left, and select ***Manage workspaces*** from the dropdown menu. Click the ***More*** button (vertical ellipsis icon) next to the Devolutions Cloud workspace to disconnect, and click on ***Disable***. ### Further considerations regarding Devolutions Cloud In Devolutions Cloud, only the [owner](https://docs.devolutions.net/cloud/web-interface/administration/management/users/devolutions-cloud-ownership/) can initiate a rekeying operation. During this process, the Devolutions Cloud instance is locked and unavailable to all other users. For instances containing a large number of vaults, the [PowerShell script](https://docs.devolutions.net/cloud/web-interface/tools/export/powershell-script-export-type/) method can be used to easily export all the vaults. Enable ***Can access user vaults*** on the application identity to backup user vaults. After the rekeying operation is complete, the following applies: * [Application identities](https://docs.devolutions.net/cloud/web-interface/administration/management/application-users/) will be disabled until regenerated. * [Application services](https://docs.devolutions.net/cloud/web-interface/administration/configuration-security/application-services/) and PowerShell scripts will need to be updated to use the newly generated credentials. * Users will be automatically reinvited with their states updated in ***Administration*** – ***Users***. ### Rekeying Devolutions Cloud {% hint style="danger" %} Make sure you have a stable Internet connection, disabled VPNs, and leave your browser opened and computer on throughout the operation. {% endhint %} 1. As the Devolutions Cloud owner, go to ***Administration*** – ***System settings***, then select the ***Danger zone*** tab. 2. Click ***Rekey*** to start the process. Devolutions Cloud will reload automatically once the operation is completed. A prompt will appear to generate a recovery key. It is important to download the new recovery key as the previous ones are no longer valid. ### Repair entries with invalid encryption If a user account becomes corrupted due to a mismatch with the current Devolutions Cloud key, follow the same procedure described previously for rekeying, but select the ***Repair*** option instead of ***Rekeying Devolutions Cloud***. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.devolutions.net/cloud/knowledge-base/how-to-articles/regenerate-encryption-keys-and-re-encrypt-devolutions-cloud.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.