Revoked user with enrolled password recovery can not rotate keys #7295

@BlackDex

Description

Steps To Reproduce

  1. Have a test org member who has enrolled in password recovery. (No enforce data ownership)
  2. Revoke their access to the org
  3. Log in as the revoked user
  4. Try to rotate the account's encryption keys

Expected Result

Password changed, and security keys rotated.

Actual Result

Simple error message: "An error has occurred."
The Developer console shows: "All existing reset password keys must be included in the rotation."

Screenshots or Videos

Image

Additional Context

No response

Build Version

2026.3.0

Environment

Self-Hosted

Environment Details

  • Ubuntu 24.04
  • Docker ghcr.io/bitwarden/lite:latest

Issue Tracking Info

  • I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
