> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# updatePassword

> Rotates the password protecting a wallet's encrypted backup

## Function Signature

```typescript theme={"system"}
updatePassword(params: {
  accountAddress: string;
  walletMetadata: WalletMetadata;
  existingPassword?: string;
  newPassword?: string;
  backUpToDynamic: boolean;
  externalServerKeyShares?: ServerKeyShare[];
}): Promise<{ backupInfo: KeyShareBackupInfo }>
```

## Description

Rotates the password used to encrypt the wallet's backup shares on Dynamic's key share service. Returns the updated `backupInfo` (with the new `passwordEncrypted` state). **Merge it into your cached `walletMetadata.externalServerKeySharesBackupInfo`** — otherwise the next signing operation will fail password verification against stale metadata.

## Parameters

### Required Parameters

* **`accountAddress`** (`string`) - The wallet address (must include `0x` prefix). Must match `walletMetadata.accountAddress`.
* **`walletMetadata`** ([`WalletMetadata`](/node/reference/types/wallet-metadata)) - The cached metadata for this wallet
* **`backUpToDynamic`** (`boolean`) - Whether to back the re-encrypted shares up to Dynamic. Typically `true` for password rotation flows.

### Optional Parameters

* **`existingPassword`** (`string`) - The current password (required if the wallet is currently password-encrypted)
* **`newPassword`** (`string`) - The new password. **Required when `backUpToDynamic` is `true`.** Validated upfront before the MPC ceremony runs — passing an empty / missing `newPassword` with `backUpToDynamic: true` throws immediately rather than silently downgrading the backup.
* **`externalServerKeyShares`** ([`ServerKeyShare[]`](/node/reference/types/server-key-share)) - Plaintext shares. If omitted, the SDK recovers using `existingPassword`.

## Returns

* **`Promise<{ backupInfo }>`** — `backupInfo` ([`KeyShareBackupInfo`](/node/reference/types/key-share-backup-info)) reflects the new password-encrypted state. Merge into cached `walletMetadata`.

## Example

```typescript theme={"system"}
import { authenticatedEvmClient } from './client';

const evmClient = await authenticatedEvmClient();

const walletMetadata = JSON.parse(await redis.get(`wallet:${accountAddress}`));
const externalServerKeyShares = await vault.read(`wallet:${accountAddress}/shares`);

const { backupInfo } = await evmClient.updatePassword({
  accountAddress,
  walletMetadata,
  externalServerKeyShares,
  existingPassword: 'old-password',
  newPassword: 'new-password',
  backUpToDynamic: true,
});

// Re-cache the updated metadata.
const updated = { ...walletMetadata, externalServerKeySharesBackupInfo: backupInfo };
await redis.set(`wallet:${accountAddress}`, JSON.stringify(updated));

console.log('Password updated successfully');
```

## Error Handling

```typescript theme={"system"}
try {
  await evmClient.updatePassword({ /* ... */ });
  console.log('Password updated successfully');
} catch (error) {
  if (error.message.includes('Failed to verify password')) {
    console.error('Existing password was incorrect or metadata is stale');
  } else {
    console.error('Failed to update password:', error);
  }
}
```

## Related

* [`WalletMetadata`](/node/reference/types/wallet-metadata) - The metadata object passed to every operation
* [`verifyPassword()`](/node/reference/evm/verify-password) - Verify the wallet's current password
* [`isPasswordEncrypted()`](/node/reference/evm/is-password-encrypted) - Check if the wallet is password-encrypted
