All Versions of Venafi Encryption Director and Venafi Trust Protection Platform
When not using an HSM (Hardware Security Module), Venafi Trust Protection Platform creates a Shared Encryption Key that is used to encrypted sensitive assets in the product database. This key is commonly referred to as the DPAPI key because by default it is protected by Microsoft's Data Protection APIs.
This guide has been written by Marc Madison from Venafi's Professional Services team to outline steps on how the Shared Database Encryption Key protected by DPAPI can be rotated. The guide was updated in Dec 2016.
It is important that a backup is done before starting the procedure - loosing the orginal DPAPI key could lead to a COMPLETE loss of data.