Security Audit

VESencrypt Account

VESencrypt Account ID:

App Key Created:

Account Management Granted To:

The security of your VESencrypt account could be compromised in one of the following cases:

Access to your VESencrypt account was delegated to an unintended colleague, administrator or auditor, or your VESencrypt App Key was shared with unintended parties
Your VES account was synced with a compromised device, or your VESkey (the master passphrase) was shared with unintended parties

In either case the problem needs to be addressed through VES (vesvault.com). In your VES account, go to Advanced Options » Manage Keys.
If only your VESencrypt App Key was compromised, it is sufficient to rekey VESencrypt App Vault.
If your VESkey was compromised, your Primary Vault, and all App Vaults, should be rekeyed. Note that in the latter case you will need to resync your VES account with all intended personal devices.
Rekeying you VESencrypt or VES account will not affect the operations of your connected VESencrypt proxies, and will not cause any downtime.
After your VES account is rekeyed, proceed to further sections to create and apply a new VESencrypt key to maintain forward secrecy.

Proxy Hosts

The following list includes all Proxy Hosts that are, or have ever been, granted access to the Encryption Keys on this VESencrypt account. The hosts are sorted by the time of the last grant in a descending order.
Select the checkbox below if any host in the list appears to be compromised or malicious. The Disable button will instantly revoke access for all Proxy Instances associated with the host. The revoked instances will be listed as pending in the Profile Manager, and can be re-enabled there in case of a mistake.

Manage compromised Hosts

Encryption Keys

The following encryption key set is used by the proxy instances connected to this VESencrypt account. The details of encryption protocols are documented separately for each proxy service type.

The latest encryption key has been shared with proxies. Check the Proxy Hosts section. If any compromised or malicious proxies are identified, disconnect them and then use the controls at the bottom of this section to generate a new Encryption Key.

The following control will generate a new Encryption Key. A new key is needed in emergency situations, such as compromised account keys or proxy hosts.
Note that a VESencrypt Account is limited to a total of 64 encryption keys, to minimize the overhead. If this limit is approached, additional maintenance will be required, such as retiring the old keys.
After being generated, the new key will not be automatically applied to the encryption profiles, or to any records in your data storage. See the Profiles section for further controls.

Generate a new Encryption Key

Profiles

The following list shows encryption keys currently associated with each VESencrypt Profile pertaining to this account. Note that the key applies to the records written in the storage (such as INSERT / UPDATE queries) through a VESencrypt proxy. Pre-existing records in the storage may use different encryption settings, or no encryption at all, unless a Bulk Update operation has been performed using the current settings.

The following control will apply the latest Encryption Key to be used for all encryption operations on all VESencrypt Profiles listed above. This action will not automatically re-encrypt existing records in your data storage. Launch the Bulk Update after changing the encryption settings to update all data.
For a more granular control over the encryption keys associated with particular profiles and database columns, use the JSON tab in the Encryption Settings for each profile on the Profile Manager page.

Apply the latest key to all profiles