-Feb-15-2023-02-29-15-7102-PM.png?width=120&height=40&name=Untitled%20design%20(8)-Feb-15-2023-02-29-15-7102-PM.png){kind=small}
The Casa app makes it easy to replace a key in your vault keyset with another one.
Why rotate a key?
You may need to replace a key for any of the following reasons:
- Your key was lost or damaged
- The key or its backup seed phrase may have been compromised
- You wish to replace the key with a different one (e.g., to upgrade to a newer device)
This process is also referred to as a "key rotation." The Casa app allows you to replace the mobile key or any hardware key in your vault.
Please note: For the 3-key vault, we recommend saving a copy of your hardware device's seed phrase, but it is optional. If you do have a copy of the seed phrase, you could use it to restore the key on a new hardware device without replacing the key, in which case it would not be necessary to complete the following steps to set up a new device.
Before You Begin
⚠️ Stop — do this before you begin. Perform a health check on every remaining key in your vault and verify that your security question answers are correct (3-key vault). Do not start key rotation until you have confirmed all remaining keys are fully operational.
Why this matters: Key rotation for a BTC vault creates a new vault and requires signing a transfer transaction with your old keys. If you haven't confirmed the other keys work before you start, you may be unable to complete the transfer.
Step 1: Mark the Old Key for Replacement
Once your other keys are confirmed working:
- Tap on your vault
- Tap the key icon in the top-right corner
- Tap the key you want to replace (mobile key or a hardware key)
- Tap Replace Key
- Read the explanation, then tap Yes, Confirm
.gif?width=670&height=670&name=Untitled%20design%20(4).gif)
Step 2: Set Up the New Key
This follows the same process as adding a key for the first time:
- Tap Begin Replacement Process
- Select your hardware device (Trezor, Ledger, Yubikey, etc.) and tap Continue
- Read the on-screen instructions, then tap Continue to send yourself the setup email
- Click the link in the email on your computer and follow the instructions to connect your device
Bitcoin (BTC): Transfer Funds to the New Vault
When you replace a BTC vault key, a new vault is created with your updated keyset. Because your funds remain in the old vault, you must transfer them to the new one. The process depends on whether you still have your old key.
.gif?width=670&height=670&name=Untitled%20design%20(5).gif)
If You Still Have the Old Key
You can sign the recovery transaction using your old keys. Remember: to move funds from the old keyset, you must sign with the old keys. The new key cannot sign for the old keyset.
We recommend choosing "Guided recovery," which will walk you through creating the transaction, setting the amount of the transaction (the full balance), and determining the address to send to (the address for your new vault).
Once both keys have signed, the funds transfer and you can reset or dispose of the old key.
If You No Longer Have the Old Key
You'll need to sign with the key you do have and request a signature from the Casa Recovery Key. Use Guided Recovery and follow the steps for your vault type:
- 3-key vault: Answer your security questions, then wait 7 days for the Casa Recovery Key signature. Return to the app to finalize the transaction.
- 5-key vault: Schedule a call to request the recovery signature, wait 48 hours, then return to the app to finalize.
Ethereum (ETH): Confirm the Key Change
For ETH vaults, key rotation works differently. Instead of creating a new vault and moving funds, the app updates the existing smart contract to swap in the new key. You'll still need to confirm the update using three keys from the original set. Smart contract updates count as transactions in the ETH ecosystem.
If You Still Have the Old Key
Sign the update transaction using the same number of keys from the old keyset as you would need for a regular transaction. No fund transfer is required.
If You No Longer Have the Old Key
You'll have to request a signature from the Casa Recovery Key for the transaction that updates the smart contract code. You will have to answer your security questions or schedule a call to request the signature from the Casa Recovery Key, just like you would for a bitcoin vault. Once the waiting period has expired, you can finalize the transaction, and then begin using your new keys.