You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
dmage rotate-key — re-encrypt every revision with a fresh Account Key (spec Appendix L).
Client-driven, resumable after interruption, key generations tracked per blob. Requires
dotmage-server with the rotation feature.
Security
Closes the documented v1 gap "a leaked Account Key decrypts all history forever":
rotation makes old cached keys useless for anything pushed after it. Note: backups
taken before a rotation remain decryptable by the old key — destroy or re-encrypt them
when rotating after a device compromise.