          Secure Secret Material Generation via HSM and Primary Keys

          Encrypting data protects nothing if the encryption keys themselves are generated or stored carelessly. Salesforce generates its primary keys and your tenant secrets through a controlled, auditable process: new primary keys are generated on a regular schedule, and all key material is stored in key management servers (KMSs) rather than alongside the data it protects.

          This section describes how Salesforce generates and manages encryption keys and secrets. It covers how hardware security modules (HSMs) are initialized to create the primary and regional key pairs, the High Assurance Virtual Ceremony (HAVC) used to create per-release secrets, and how those secrets are distributed to regional key management servers. It also covers the on-demand generation of customer-controlled tenant secrets and how that step fits into the overall encryption architecture.

          • HSM Initialization
            A hardware security module (HSM) must be initialized before it is used. Initializing the primary HSM creates a primary HSM encryption key pair and a primary HSM signing key pair. Initializing each regional HSM creates a regional HSM encryption key pair.
          • Per-Release Secret Generation and Export
            At the start of each release, a Salesforce cryptographic security officer conducts a High Assurance Virtual Ceremony (HAVC) to generate that release's secrets and keys. Once created, the secrets are exported in encrypted form to the regional Shield KMSs.
          • Shield KMS Startup
            When a regional Shield KMS starts up in a production environment, it loads each release's encrypted secrets from the regional KMS store into its encrypted key cache, where they are available for deriving data encryption keys.
          • On-Demand Tenant Secret Generation
            Customers can generate or upload key material at most once every 24 hours in production and Developer Edition orgs, and at most once every 4 hours in sandbox orgs. Field-Level Encryption key material can be destroyed at any time. When a customer generates new key material, only data written from that point on is encrypted with the new final data encryption key (DEK). By default, the final DEK is derived from the new key material; customers can opt out of derivation and supply the final DEK themselves.
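The following is an added example, not Salesforce code and not a description of the Shield KMS internals. It models the tenant-secret lifecycle from the last item above, with the per-release secret from the HAVC as Salesforce's input to the derivation: a key cache that enforces the generation interval, derives a versioned DEK from a generated or uploaded tenant secret, accepts a customer-supplied DEK when derivation is opted out, and destroys key material. The `TenantKeyCache` class, its method names, the use of HKDF-SHA256 as the derivation function (the page only says the DEK is "derived"), and all key bytes and clock values are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Generation intervals stated on the page: at most once every 24 hours in
# production and Developer Edition orgs, once every 4 hours in sandbox orgs.
PRODUCTION_INTERVAL_SECONDS = 24 * 60 * 60
SANDBOX_INTERVAL_SECONDS = 4 * 60 * 60


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-and-expand (RFC 5869) over HMAC-SHA256.
    Assumption: stands in for whatever derivation the real KMS performs."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                   # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class TenantKeyCache:
    """Hypothetical model of one tenant's entry in a regional KMS key cache.
    Keeps every DEK version so data written under an older version stays
    readable after a rotation, until that version is destroyed."""

    def __init__(self, release_secret: bytes, min_interval: int, now=time.time):
        self._release_secret = release_secret   # Salesforce half, from the HAVC
        self._min_interval = min_interval
        self._now = now                         # injectable clock for testing
        self._deks = {}                         # key version -> final DEK
        self._version = 0
        self._last_generated = None

    def _enforce_interval(self):
        """Refuse a new key version inside the org's minimum interval."""
        now = self._now()
        if self._last_generated is not None and now - self._last_generated < self._min_interval:
            raise RuntimeError("key material was generated within the minimum interval")
        self._last_generated = now

    def generate_tenant_secret(self, material: bytes = None) -> int:
        """Generate (or upload, if `material` is given) a tenant secret and
        derive the next final DEK from it and the per-release secret."""
        self._enforce_interval()
        tenant_secret = material if material is not None else secrets.token_bytes(32)
        self._version += 1
        # Binding the version into `info` keeps DEKs distinct even if the same
        # material were ever uploaded twice.
        dek = hkdf_sha256(ikm=tenant_secret, salt=self._release_secret,
                          info=b"dek-v%d" % self._version)
        self._deks[self._version] = dek
        return self._version

    def supply_dek(self, dek: bytes) -> int:
        """Opt out of derivation: the customer supplies the final DEK as-is."""
        if len(dek) != 32:
            raise ValueError("expected a 256-bit DEK")
        self._enforce_interval()
        self._version += 1
        self._deks[self._version] = dek
        return self._version

    def current(self):
        """Version and DEK used for all data written from now on."""
        return self._version, self._deks[self._version]

    def dek_for(self, version: int) -> bytes:
        """DEK needed to read data written under `version`; KeyError once destroyed."""
        return self._deks[version]

    def destroy(self, version: int) -> None:
        """Destroy key material: data written under this version is unrecoverable."""
        del self._deks[version]


def demo() -> dict:
    """Rotation lifecycle on a constructed fixed clock with constructed key
    material (not values from a real org), so the run is reproducible."""
    clock = [0.0]
    release_secret = bytes.fromhex("a1" * 32)             # constructed HAVC output
    cache = TenantKeyCache(release_secret, PRODUCTION_INTERVAL_SECONDS, now=lambda: clock[0])

    v1 = cache.generate_tenant_secret(b"\x11" * 32)        # uploaded tenant secret
    dek1 = cache.dek_for(v1)
    try:
        cache.generate_tenant_secret()                     # second request same day
        refused = False
    except RuntimeError:
        refused = True

    clock[0] += PRODUCTION_INTERVAL_SECONDS                # 24 h later: allowed
    v2 = cache.generate_tenant_secret(b"\x22" * 32)
    dek2 = cache.dek_for(v2)

    clock[0] += PRODUCTION_INTERVAL_SECONDS
    customer_dek = bytes(range(32))                        # constructed BYOK DEK
    v3 = cache.supply_dek(customer_dek)

    cache.destroy(v1)                                      # v1 data now unreadable
    try:
        cache.dek_for(v1)
        v1_destroyed = False
    except KeyError:
        v1_destroyed = True

    return {"versions": (v1, v2, v3), "refused_early_rotation": refused,
            "dek1": dek1, "dek2": dek2, "dek3": cache.dek_for(v3),
            "customer_dek": customer_dek, "current_version": cache.current()[0],
            "v1_destroyed": v1_destroyed}


if __name__ == "__main__":
    print(demo())
```

Two points the model makes visible that the prose only implies: a rotation creates a new key version rather than replacing the old one, because records encrypted under the previous DEK still need it to be read; and destroying a version is final, so anything still encrypted under it must be re-encrypted or accepted as lost before the destroy is issued. In the real service the tenant secret never leaves the KMS and the destroyed version must be purged from every regional cache, not just one.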
           
          Salesforce Help | Article