Rotating your account's encryption key

2025-12-24 04:04:27 +00:00 · 2018-11-20 13:06:00 -05:00
parent 34bea6ecbf
commit f5c433b8a2
1 changed files with 10 additions and 0 deletions
--- a/_articles/account/change-your-master-password.md
+++ b/_articles/account/change-your-master-password.md
@@ -20,3 +20,13 @@ Changing your master password will log you out of all Bitwarden applications.
 5. Click the **Change Master Password** button
 6. Log back in to confirm that your new password is working
 7. Log out and back in any other Bitwarden applications that you are using. You will eventually be logged out automatically.
+
+## Rotating your account's encryption key
+
+During a password change operation you also have the option to rotate (change) your account's encryption key. Rotating the encryption key is a good idea if you believe that your previous master password was compromised or that your Bitwarden vault's data was stolen from one of your devices.
+
+{% warning %}
+Rotating your account's encryption key is a sensitive operation, which is why it is not a default option. A key rotation involves generating a new, random encryption key for your account and re-encrypting all vault data using this new key.
+
+Because your account's encryption key changes, any old sessions with a Bitwarden application that you may be logged into with your account will still have the old, incorrect encryption key. If you make any changes to your account's vault data with an old encryption key, that data will become corrupted and unrecoverable. After rotating your account's encryption key it is very important that you completely log out and back in to all Bitwarden applications where you are using that account. Logging out and back in will ensure that your account has downloaded its new encryption key. We will attempt to log you out of all Bitwarden applications automatically, but it may not happen immediately.
+{% endwarning %}