To use EKM, you must create a data encryption key (DEK) of sufficient strength in a
supported external key management service. You should also check that an external application
can communicate with the key service to securely retrieve the DEK.
Required Editions
Available in both Lightning Experience and Salesforce Classic (not available in all orgs).
Available in: Enterprise, Performance, Unlimited, and Developer Editions. Requires purchasing Salesforce Shield or Shield Platform Encryption, and the External Key Management Service. Data 360 customers must also have the Platform Encryption for Consumption license.
User Permissions Needed
To generate, destroy, export, import, upload, and configure tenant secrets and customer-supplied key material: Manage Encryption Keys
Salesforce EKM supports AWS Key Management Service key material only. Refer to the AWS KMS
documentation for information about creating, accessing, and managing keys in AWS.
AWS KMS Key Requirements
Before you configure your connection in Salesforce, create your key material in AWS KMS.
Salesforce requires:
Symmetric key type
Single region (MultiRegion = False)
An ARN that’s in the same AWS region as the current Hyperforce instance within which your core org resides.
Make sure that you can access key material in both Salesforce and AWS KMS.
Exercise careful accounting between the Salesforce Key Management Setup page and the AWS
KMS dashboard. AWS KMS has no information about the status of Salesforce EKM secrets.
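The key requirements listed under AWS KMS Key Requirements, expressed as a pre-flight check over the KeyMetadata object that the AWS KMS DescribeKey operation returns. This is an added example, not Salesforce or AWS code: the function names, the constructed sample metadata, and the mapping of "symmetric key type" to KeySpec SYMMETRIC_DEFAULT are assumptions, and the caller supplies the region of the org's Hyperforce instance.

```python
"""Pre-flight check of AWS KMS key metadata against the EKM key requirements."""

def parse_kms_arn(arn):
    """Split a KMS key ARN into its fields; raise ValueError if it is not one."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "kms":
        raise ValueError(f"not a KMS ARN: {arn!r}")
    if not parts[5].startswith("key/"):
        raise ValueError(f"ARN does not name a key: {arn!r}")
    return {"partition": parts[1], "region": parts[3],
            "account": parts[4], "key_id": parts[5][len("key/"):]}


def check_key(meta, org_region):
    """Return a list of requirement violations (empty list: the key fits)."""
    problems = []
    # Assumption: "symmetric key type" corresponds to KeySpec SYMMETRIC_DEFAULT.
    if meta.get("KeySpec") != "SYMMETRIC_DEFAULT":
        problems.append(f"key spec is {meta.get('KeySpec')}, not symmetric")
    # MultiRegion must be False; a missing field is treated as unknown, not a pass.
    if meta.get("MultiRegion") is not False:
        problems.append("key is multi-Region or MultiRegion is not reported")
    try:
        region = parse_kms_arn(meta.get("Arn", ""))["region"]
        if region != org_region:
            problems.append(f"key is in {region}, org is in {org_region}")
    except ValueError as exc:
        problems.append(str(exc))
    return problems


# Constructed sample metadata (placeholder account and key IDs).
GOOD = {
    "Arn": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000001",
    "KeySpec": "SYMMETRIC_DEFAULT", "MultiRegion": False,
}
BAD = {
    "Arn": "arn:aws:kms:eu-west-1:111122223333:key/mrk-00000000000000000000000000000002",
    "KeySpec": "RSA_2048", "MultiRegion": True,
}

if __name__ == "__main__":
    for name, meta in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_key(meta, "us-east-1") or "meets the listed requirements")
```

Feed `check_key` the `KeyMetadata` object from a real DescribeKey response before entering the ARN in Salesforce Setup.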