
Enable 'Bring Your Own Encryption Keys'

Publish Date: Oct 13, 2022
Description

Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions.

Available in Developer Edition at no charge.

The feature "Bring Your Own Encryption Keys" includes a number of capabilities and is now generally available. 

We'll outline what those are, and what you should do if you find the feature is not enabled for your Organization. 

Note: To use this feature, the organization must have an active, courtesy, or DE Platform Encryption or Salesforce Shield license.

 
Resolution

Bring Your Own Encryption Keys capabilities

 
1. Create key material (in this case the Tenant Secret, which Platform Encryption uses to derive the org-specific data encryption key) outside of Salesforce, using your own crypto libraries, enterprise key management system, or hardware security module.
2. Create a certificate signed by a third-party certificate authority, then use the public key from that certificate to wrap the Tenant Secret before uploading it to Salesforce. Alternatively, you can create self-signed certificates.
3. [Optional] Key Brokering: Use a third-party key management service to generate Tenant Secrets, wrap those secrets with the public key, and upload the wrapped Tenant Secret securely to Salesforce.
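
Steps 1 and 2 as a local round trip with OpenSSL. This is an added example, not Salesforce's own tooling: the file names, the 32-byte secret size, RSA-OAEP padding, base64 output and the locally generated self-signed certificate (a constructed stand-in so the script runs offline) are all assumptions.

```shell
#!/bin/sh
# Added example (not Salesforce's script): wrap a tenant secret with a certificate's public key.
set -eu
umask 077   # key material is readable by the current user only

# Constructed stand-in certificate so the demo runs offline. In a real flow
# the private key belongs to the party that unwraps the secret.
make_demo_cert() {   # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=byok-demo" \
    -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
}

# Step 1: create the key material outside the service (32 bytes is an assumption).
gen_tenant_secret() {   # $1 = output file
  openssl rand -out "$1" 32
}

# Step 2: wrap with the public key taken from the certificate (OAEP padding is
# an assumption), then base64-encode the ciphertext for upload.
wrap_tenant_secret() {   # $1 = certificate, $2 = plaintext secret, $3 = base64 output
  openssl pkeyutl -encrypt -certin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3.bin"
  openssl base64 -in "$3.bin" -out "$3"
  rm -f "$3.bin"
}

# Demo-only check: unwrap with the stand-in private key.
unwrap_tenant_secret() {   # $1 = private key, $2 = base64 input, $3 = output file
  openssl base64 -d -in "$2" -out "$2.bin"
  openssl pkeyutl -decrypt -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -in "$2.bin" -out "$3"
  rm -f "$2.bin"
}

# Prints "match" when the unwrapped bytes equal the original secret.
roundtrip_demo() {
  d=$(mktemp -d)
  make_demo_cert "$d"
  gen_tenant_secret "$d/secret.bin"
  wrap_tenant_secret "$d/demo.crt" "$d/secret.bin" "$d/secret.b64"
  unwrap_tenant_secret "$d/demo.key" "$d/secret.b64" "$d/check.bin"
  if cmp -s "$d/secret.bin" "$d/check.bin"; then echo match; else echo mismatch; fi
  rm -rf "$d"
}

roundtrip_demo
```

Only the wrapped, base64-encoded file is meant to leave the machine; the plaintext secret stays in your key management system or HSM, or is destroyed once wrapped.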

Note: As of Winter '17 this feature is Generally Available and should no longer require a Pilot Nomination. If the feature is not available in your organization, take the following steps to contact Support:
 
1. Verify that the Organization where you want the feature to be enabled is on an edition where the feature is available.
2. Have a System Administrator log a Case with Salesforce Support.
3. Submit the case with a topic of Setup and security, a category of Shield, and specify Set up Shield Platform Encryption.

Once our Support Team gets the requested information, we'll review the case and take action as needed.
Knowledge Article Number

000382131
