Rotate Organization Encryption Key

Feature name

  • Rotation of the Organization Encryption Key

Feature function

  • Allows rotation of Organization Encryption Key. This might be necessary after removing users that once had access to an organization.
  • The threat model that this would protect against is someone that once was a part of an organization leaving and then later gaining a more up to date version of the organization vault (via db breach or similar effects).

As far as I understand there currently is no functionality to rotate this key. A similar functionality exists for the private vault. This would definitely impact all users of an organization but the alternative is leaving the encryption key in the hands of people that are no longer part of an organization.