There should be a functionality by that we can change master.key just like we change our password by providing current password and new password similarly we should be able to change master.key by using current master.key and it should generate new master.key and encrypt current credentials by newly created master.key.
I think this would be a required feature as we are going to use Rails encrypted credentials and once our maser.key got compromised then we don’t have a way to change it.
I created an issue for the same over here. You can refer this for more details.
Please let me know your thoughts on this.