Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Deactivate an EKM Key

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Deactivate an EKM Key

            When you want to revoke all access to encrypted data, or rotate keys as a part of planned maintenance, you can deactivate key material. The effect of deactivating key material is similar to that of deleting a key. Your data remains encrypted, but it can’t be decrypted.

            Required Editions

            Available in both Lightning Experience and Salesforce Classic (not available in all orgs).
            Available in: Enterprise, Performance, Unlimited, and Developer Editions. Requires purchasing Salesforce Shield or Shield Platform Encryption, and the External Key Management Service. Data 360 customers must also have the Platform Encryption for Consumption license.
            User Permissions Needed
            To generate, destroy, export, import, upload, and configure tenant secrets and customer-supplied key material: Manage Encryption Keys

            Consider the effect on your users and data of deactivating the EKM key. Data encrypted with the key isn’t decryptable. Make sure that the data you need is synchronized to a different key.

            1. From Setup, in the Quick Find box, enter Platform Encryption, and then select Key Management.
            2. In the External Key Inventory, click Details for the key you want to deactivate.
            3. In the pane that opens, review the information. Then click either Never Mind or Deactivate External Key.

            Communicate with any other key managers that the key is now deactivated. Be alert for users reporting an inability to access encrypted data they could see previously.

             
            Loading
            Salesforce Help | Article