Regenerate encryption keys and re-encrypt Devolutions Hub

Encryption keys in Devolutions Hub can be regenerated, and all sensitive data re-encrypted, directly from the web interface. Depending on the amount of data, this process can take anywhere from a few minutes to several hours. Devolutions Hub is unavailable for the duration of the rekeying operation.

The rekeying process is identical for both Devolutions Hub Business and Devolutions Hub Business Free. For additional details specific to Devolutions Hub Business, see Further considerations regarding Devolutions Hub Business.

It is recommended to plan a maintenance window and inform users of the downtime in advance.

Before rekeying...

  • Back up your vaults by exporting their content from the Help & tools menu.

  • Ensure that Remote Desktop Manager and Devolutions Server are updated to the same major version as Devolutions Hub.

  • Remove the Devolutions Hub data source from Remote Desktop Manager and Devolutions Workspace. This prevents the previous encryption key from being reused after rekeying, which could lead to data corruption.

    • Remote Desktop Manager: Navigate to File > Data sources, select your Devolutions Hub data source, and click on the Delete data source (trash can) button.

    • Workspace desktop app: Mouse-over the Devolutions Hub icon in the lateral menu, then hover over your account and click the Log out button.

    • Workspace mobile app: In the Active data sources section, long-press your Devolutions Hub data source, and press on Log out.

    • Workspace browser extension: Click the Workspace icon, then on the data source selection icon in the top left, and select Manage data sources from the dropdown menu. Click the More button (vertical ellipsis icon) next to the Devolutions Hub data source to disconnect, and click on Disable.

Further considerations regarding Devolutions Hub Business

In Devolutions Hub Business, only the owner can initiate a rekeying operation. During this process, the Hub instance is locked and unavailable to all other users.

For instances containing a large number of vaults, the PowerShell script method can be used to easily export all the vaults. Enable Can access user vaults on the application identity to back up user vaults.

After the rekeying operation is complete, the following applies:

  • Application identities will be disabled until regenerated.

  • Application services and PowerShell scripts will need to be updated to use the newly generated credentials.

  • Users will be automatically reinvited with their states updated in Administration > Users.

Rekeying Devolutions Hub

Make sure you have a stable Internet connection, disable any VPNs, and leave your browser open and your computer on throughout the operation.

  1. As the Devolutions Hub owner, go to Administration > Recovery key, then click Rekey.

  2. Select the Rekey option, then read and accept the warning.

  3. Click Regenerate to start the process.

The Hub will reload automatically once the operation is completed. A prompt will appear to generate a recovery key. It is important to download the new recovery key, as the previous ones are no longer valid. A key can also be generated manually from Administration > Generate recovery key.

Repair entries with invalid encryption

If a user account becomes corrupted due to a mismatch with the current Hub key, follow the same procedure described in Rekeying Devolutions Hub, but select the Repair option instead of the Rekey option.
