Devolutions Hub’s encryption keys can be regenerated and its sensitive data re-encrypted via the web interface. Depending on the volume of data, the process could take a few minutes to several hours. The Hub cannot be accessed during the rekey operation.
The rekeying operation is the same for both Devolutions Hub Personal and Devolutions Hub Business. See the Further considerations regarding Devolutions Hub Business for more details about Devolutions Hub Business rekeying.
It is recommended to plan a maintenance window informing users of the downtime.
Backup your vaults by exporting their content in the Help & tools menu.
Update Remote Desktop Manager and Devolutions Server to match the major version of Devolutions Hub.
Remove the Devolutions Hub data source from Remote Desktop Manager and Devolutions Workspace. This action prevents issues where the previous key would be used after the rekeying, causing data corruption.
Remote Desktop Manager: Navigate to File – Data sources, select your Devolutions Hub data source, and click on the Delete data source (trash can) button.
Workspace desktop app: Mouse-over the Devolutions Hub icon in the lateral menu, then hover over your account and click the Log out button.
Workspace mobile app: In the Active data sources section, long-press your Devolutions Hub data source, and press on Log out.
Workspace browser extension: Click the Workspace icon, then on the data source selection icon in the top left, and select Manage data sources from the dropdown menu. Click the More button (vertical ellipsis icon) next to the Devolutions Hub data source to disconnect, and click on Disable.
For Devolutions Hub Business, only the owner can trigger a rekeying, locking the Hub instance for all other users during the operation.
For instances containing a large number of vaults, the PowerShell script method can be used to easily export all the vaults. Enable Can access user vaults on the application identity to backup user vaults.
After completing the rekeying operation, the following will be the case:
Application identities will be disabled until regenerated.
Application services and PowerShell scripts will need to be updated to use the newly generated credentials.
Users will be automatically reinvited with their states updated in Administration – Users.
Make sure you have a stable Internet connection, disabled VPNs, and leave your browser opened and computer on throughout the operation.
As the Devolutions Hub owner, head over to Administration – Recovery key, and click on the Rekey button.
Choose the Rekey option, then read and accept the warning.
Click on Regenerate.
The Hub will reload automatically once the operation is completed. A prompt will appear to generate a recovery key. It is important to download the new recovery key as the previous ones are no longer valid. A key can also be generated manually from Administration – Generate recovery key.
If a user account is corrupted because it is not using the current Hub key, follow the same steps described previously for rekeying, but choose the Repair option during step #2 of Rekeying Devolutions Hub.
Share your feedback