Rotate Shared Database Encryption (DPAPI) Key

Applies To:

All Versions of Venafi Encryption Director and Venafi Trust Protection Platform


When not using an HSM (Hardware Security Module), Venafi Trust Protection Platform creates a Shared Encryption Key that is used to encrypted sensitive assets in the product database.  This key is commonly referred to as the DPAPI key because by default it is protected by Microsoft's  Data Protection APIs. 

More Info:

This guide has been written by Marc Madison from Venafi's Professional Services team to outline steps on how the Shared Database Encryption Key protected by DPAPI can be rotated.  The guide was updated in Dec 2016.

It is important that a backup is done before starting the procedure - loosing the orginal DPAPI key could lead to a COMPLETE loss of data.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


Powered by Zendesk