Changing the encryption key


By default, the Two Factor Authentication app encrypts the TOTP shared secret key in the database using AES.

Changing the encryption key invalidates the current shared secrets. There is no migration between keys, and it is recommended that the administrator reset ALL user 2FA configuration through the "2FA Users" administration screen.


The default encryption key can be changed by the local administrator by placing a file in the home directory of the host application (Bitbucket Server) and naming it /wittified.2fa-encryption. The file should contain the new encryption key (without any extra content). Once this is done, the app automatically starts to use the new encryption key.
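One way to create the key file so that it holds only the key and nothing else, as an added example that is not the vendor's own command. It assumes a base64-encoded 32-byte random value is an acceptable key (the page does not state the expected key format); the function name and the home directory argument are hypothetical.

```shell
#!/bin/sh
# Added example, not the vendor's command.
# Assumption: a base64-encoded 32-byte random value is an acceptable key.
# The file name comes from the page; the function name is hypothetical.
KEY_FILE_NAME="wittified.2fa-encryption"

# Usage: write_2fa_key_file <home directory of the host application>
# Prints the path of the key file on success.
write_2fa_key_file() {
    app_home="$1"
    [ -d "$app_home" ] || { echo "not a directory: $app_home" >&2; return 1; }
    key_file="$app_home/$KEY_FILE_NAME"

    # 32 bytes from the kernel CSPRNG, base64-encoded, trailing newline removed.
    key=$(head -c 32 /dev/urandom | base64 | tr -d '\n')
    [ "${#key}" -eq 44 ] || { echo "key generation failed" >&2; return 1; }

    # Write to a temporary file that only the owner can read, then rename it
    # into place. printf '%s' writes the key with no trailing newline.
    ( umask 077 && printf '%s' "$key" > "$key_file.tmp" ) || return 1
    chmod 600 "$key_file.tmp" && mv "$key_file.tmp" "$key_file" || return 1

    # Verify that the file holds the key and no extra content.
    size=$(wc -c < "$key_file" | tr -d ' ')
    [ "$size" -eq "${#key}" ] || { echo "unexpected content in $key_file" >&2; return 1; }

    echo "$key_file"
}

# When run as a script, the first argument is the home directory.
if [ "$#" -ge 1 ]; then
    write_2fa_key_file "$1"
fi
```

Run it as the account that runs the host application so that the app can read the file.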


Generate a new key

To generate a new key, you can execute the following command on Linux:

 

