Your key is the only way to decrypt your data
The encryption key generated during OTIS activation is the sole mechanism for decrypting your data. OTIS Intelligence does not hold a copy. There is no password reset or recovery process for the key itself.
Recommended storage locations
Primary: a password manager (1Password, Bitwarden, Dashlane) with the key file attached to an OTIS entry. Secondary: your organisation's secrets management system (AWS Secrets Manager, HashiCorp Vault, Azure Key Vault). Physical backup: an encrypted USB drive in a physically secure location.
Sharing with team members
If multiple team members need access to OTIS data, share the key via your password manager's secure sharing feature or your secrets management system. Never share via email, Slack, or any unencrypted channel.
Loading the key on a new device
When accessing OTIS from a new browser or device, you will be prompted to upload your key file. Click Upload key, select the file, and OTIS loads it for the session. The key is held in memory and not persisted to the browser.
Key rotation
Currently, OTIS does not support in-place key rotation — changing the encryption key requires re-encrypting all stored data. If you need to rotate your key for security reasons, contact us to discuss the migration process.
If you suspect your key is compromised
If you believe your key file has been accessed by an unauthorised party, contact us immediately. We can help you assess the risk and plan a migration to a new key if required.
Was this article helpful?
Contact us if you need further help.