Loading
Feature Disruption - Service Cloud VoiceRead More
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Database Encryption Tradeoffs

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Database Encryption Tradeoffs

            Database Encryption provides you with a way to secure your entire transactional database. Even so, there are some compromises to accept if you use it.

            Required Editions

            Available in both Lightning Experience and Salesforce Classic (not available in all orgs).
            Available in: Enterprise, Performance, and Unlimited Editions using Hyperforce.
            • Once you have enabled Database Encryption, it remains in place. There is no option to turn it off at the present time.
            • Database Encryption is a feature that’s only available in Salesforce Hyperforce cells. If you’re a customer in Salesforce First Party data centers and are interested in this functionality, request for a sandbox in Hyperforce to try it out.
            • If you create a sandbox from a production org that already enables Database Encryption, Salesforce generates a new database encryption key for the sandbox. If you have configured your production Database Encryption to use Bring Your Own Key, you will need to set BYOK up on the Sandbox org after it is activated.
            • After you enable Database Encryption, new data is encrypted right away. However, it takes a while for encryption to cover the preexisting data.
            • There is no current capability for a customer to initiate a sync for Database Encryption.
            • Database Encryption Keys can’t be Exported/Destroyed/Imported from the Shield Key Management page or via the API.
            • Database Encryption doesn’t permit Key flavors that involve key revocation. As a result, options such as Cache-Only Keys (CoK) or External Key Management (EKM) aren’t supported.
             
            Loading
            Salesforce Help | Article