Refreshing a sandbox from a production org creates an exact copy of the production org.
If Shield Platform Encryption is enabled on the production org, all encryption settings are
copied to the sandbox, including tenant secrets created in production. This is true for all
Shield Platform Encryption features.
Required Editions
Note This page is about Shield Platform Encryption,
not Classic Encryption. What's the difference?
Available in both Salesforce Classic (not available in all orgs) and Lightning
Experience.
Available in: Enterprise, Performance, and Unlimited
Editions with the Salesforce Shield or Shield Platform Encryption licenses.
Available for free in Developer Edition.
After a sandbox is refreshed, tenant secret changes are confined to your current org. This
means that when you rotate or destroy a tenant secret on the sandbox, it doesn’t affect the
production org.
As a best practice, rotate tenant secrets on sandboxes after a refresh. Rotation ensures that
production and sandbox use different tenant secrets. Destroying tenant secrets on a sandbox
renders encrypted data unusable in cases of partial or full copies.
With Database Encryption, new keys are generated automatically in each sandbox via HSM.
Tip If you use the External Key Management Service, there are special
considerations with sandbox key rotation. See External Key Management.
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required Cookies
Always Active
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional Cookies
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising Cookies
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
