Reset Organisation Recovery Key Passphrase

Hi Everybody,

I have a problem: I might have mistyped the “Organisation Recovery Key” passphrase when creating it. I do have the key file, but the passphrase will not be accepted.

Is there any way to reset it via ssh or database?

Hello,

There is no built-in way to perform this operation at the moment. From a security point of view, we wanted to prevent an attacker from disabling or changing the account recovery behavior without having the original ORK. We have on our radar a feature request to provide a command to do what you describe.

The easiest way to fix the issue right now would be to delete the content of the account recovery tables, directly in the database. WARNING: make sure you have a backup before doing so.

This will completely reset the application state for the account recovery feature:

truncate account_recovery_organization_policies;
truncate account_recovery_organization_public_keys;
truncate account_recovery_private_key_passwords;
truncate account_recovery_private_keys;
truncate account_recovery_requests;
truncate account_recovery_responses;
truncate account_recovery_user_settings;

Feel free to reach out to support@passbolt.com if you need help or want to discuss this further.
Cheers,

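One way to act on the backup warning in the reply above from inside the same SQL session, as an added example that is not part of the original reply or Passbolt's own tooling: it copies each table to a side table, checks the copies, and only then truncates. The `ork_bak_` prefix is a name made up for this example, and `CREATE TABLE ... AS SELECT` copies rows only (no indexes or constraints), so it is a rollback aid next to a full database dump, not a replacement for one.

```sql
-- Added example. Assumption: no tables named ork_bak_* exist yet (prefix invented here).

-- 1. Snapshot every table that is about to be emptied.
CREATE TABLE ork_bak_organization_policies    AS SELECT * FROM account_recovery_organization_policies;
CREATE TABLE ork_bak_organization_public_keys AS SELECT * FROM account_recovery_organization_public_keys;
CREATE TABLE ork_bak_private_key_passwords    AS SELECT * FROM account_recovery_private_key_passwords;
CREATE TABLE ork_bak_private_keys             AS SELECT * FROM account_recovery_private_keys;
CREATE TABLE ork_bak_requests                 AS SELECT * FROM account_recovery_requests;
CREATE TABLE ork_bak_responses                AS SELECT * FROM account_recovery_responses;
CREATE TABLE ork_bak_user_settings            AS SELECT * FROM account_recovery_user_settings;

-- 2. Confirm each copy is complete: live_rows must equal copied_rows on every line.
SELECT 'organization_policies' AS tbl, (SELECT COUNT(*) FROM account_recovery_organization_policies) AS live_rows, (SELECT COUNT(*) FROM ork_bak_organization_policies) AS copied_rows
UNION ALL SELECT 'organization_public_keys', (SELECT COUNT(*) FROM account_recovery_organization_public_keys), (SELECT COUNT(*) FROM ork_bak_organization_public_keys)
UNION ALL SELECT 'private_key_passwords',    (SELECT COUNT(*) FROM account_recovery_private_key_passwords),    (SELECT COUNT(*) FROM ork_bak_private_key_passwords)
UNION ALL SELECT 'private_keys',             (SELECT COUNT(*) FROM account_recovery_private_keys),             (SELECT COUNT(*) FROM ork_bak_private_keys)
UNION ALL SELECT 'requests',                 (SELECT COUNT(*) FROM account_recovery_requests),                 (SELECT COUNT(*) FROM ork_bak_requests)
UNION ALL SELECT 'responses',                (SELECT COUNT(*) FROM account_recovery_responses),                (SELECT COUNT(*) FROM ork_bak_responses)
UNION ALL SELECT 'user_settings',            (SELECT COUNT(*) FROM account_recovery_user_settings),            (SELECT COUNT(*) FROM ork_bak_user_settings);

-- 3. Reset the account recovery state (same statements as in the reply above).
TRUNCATE account_recovery_organization_policies;
TRUNCATE account_recovery_organization_public_keys;
TRUNCATE account_recovery_private_key_passwords;
TRUNCATE account_recovery_private_keys;
TRUNCATE account_recovery_requests;
TRUNCATE account_recovery_responses;
TRUNCATE account_recovery_user_settings;

-- Rollback, if needed, is one statement per table, for example:
--   INSERT INTO account_recovery_private_keys SELECT * FROM ork_bak_private_keys;

-- 4. The copies hold the same recovery data as the originals. Once the new
--    Organisation Recovery Key is set up and confirmed working, remove them:
--   DROP TABLE ork_bak_organization_policies;  (repeat for each ork_bak_ table)
```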