          Shield KMS Startup

          When the regional Shield KMS starts up in a production environment, it accesses each release’s encrypted secrets stored in the regional KMS. It then stores them in the encrypted key cache in preparation for deriving data encryption keys.

          Shield KMS diagram

          The process includes these steps.

          1. The regional Shield KMS starts up.
          2. After the basic Shield KMS processes run, the server notifies the local key broker service that it’s ready to accept key material.
          3. The key broker service communicates with the Key Escrow server to request current release secrets.
          4. The Key Escrow server gets the release secrets from the primary Shield KMS and securely passes them to the key broker service.
          5. The key broker server writes the secrets into the regional Shield KMS.
          6. The regional Shield KMS validates all the keys and secrets against their hashes and then stores them in the encrypted key cache. It’s then ready for encryption service.
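
Step 6 is a validate-then-cache gate: nothing enters the key cache unless every delivered secret matches its hash. The sketch below is an added example, not Salesforce code. It assumes SHA-256 reference digests held by the regional KMS, uses hypothetical function names and constructed release names and secrets, and stands in a plain dict for the encrypted key cache.

```python
import hashlib
import hmac


class SecretValidationError(Exception):
    """Raised when delivered release secrets do not match the expected digests."""


def validate_release_secrets(delivered, expected_digests):
    """Return the delivered secrets only if every one matches its reference digest.

    delivered:        {release_name: secret_bytes} as written by the key broker
    expected_digests: {release_name: hex SHA-256}; assumed to be a trusted reference
    """
    problems = []
    for name in sorted(set(delivered) | set(expected_digests)):
        if name not in expected_digests:
            problems.append(f"{name}: unexpected secret, no reference digest")
        elif name not in delivered:
            problems.append(f"{name}: secret missing from delivery")
        else:
            actual = hashlib.sha256(delivered[name]).hexdigest()
            # Constant-time comparison of the two hex digests.
            if not hmac.compare_digest(actual, expected_digests[name]):
                problems.append(f"{name}: digest mismatch")
    if problems:
        raise SecretValidationError("; ".join(problems))
    return dict(delivered)


def load_key_cache(cache, delivered, expected_digests):
    """Populate the cache all-or-nothing; a failed validation leaves it untouched."""
    validated = validate_release_secrets(delivered, expected_digests)
    cache.update(validated)  # plain dict here; encryption of the cache is omitted
    return sorted(validated)


# Constructed sample data (hypothetical release names, not real key material).
SAMPLE_SECRETS = {"release-240": b"constructed-secret-A",
                  "release-242": b"constructed-secret-B"}
SAMPLE_DIGESTS = {n: hashlib.sha256(s).hexdigest() for n, s in SAMPLE_SECRETS.items()}

if __name__ == "__main__":
    key_cache = {}
    print("cached:", load_key_cache(key_cache, SAMPLE_SECRETS, SAMPLE_DIGESTS))
    tampered = dict(SAMPLE_SECRETS, **{"release-242": b"altered"})
    try:
        load_key_cache({}, tampered, SAMPLE_DIGESTS)
    except SecretValidationError as err:
        print("refused:", err)
```

Because validation completes before any write, a single mismatched, missing, or unexpected secret keeps the service out of the ready state instead of leaving a partially populated cache.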
           