Right now the Password manager uses the activation keypair to encrypt/decrypt stored passwords. This becomes a problem when the key needs to be re-generated or when the keypair is not kept when moving an instance to another environment. Passwords are essentially lost at this case.

Generation of the activation keypair is possible via the UI so it's relatively easy to get to this issue.

Possible solutions:

• make independent keys for password manager
• re-encode all passwords when the new activation key is generated
• at least let the user know via an alert what are the implications of generating new key