Module rotate 

envvault rotate-key — change the vault master password.

Decrypts all secrets with the old password, generates a new salt, re-derives the master key from the new password, re-encrypts all secrets, and writes the vault atomically.

Optionally changes the keyfile with --new-keyfile <path> or removes the keyfile requirement with --new-keyfile none.

Functions

execute

Execute the rotate-key command.