          Key Management

          Security keys and other settings are used to encrypt and decrypt data, digitally sign email messages, and implement SAML single sign-on (SSO). The encryption applies only to information stored in Marketing Cloud Engagement and not in other Salesforce apps.

          Warning
          Never use Engagement apps or APIs to transmit or store these types of data.
          • Government-issued identification numbers, including (but not limited to):
            • Social Security numbers
            • Passport numbers
            • Driver’s license numbers
          • Any financial account numbers, including (but not limited to):
            • Credit and debit card numbers
            • Bank account numbers
            • Other similar identifiers as defined by the Payment Card Data Security Standards

          Prerequisites

          The Key Management feature is enabled by default.

          Familiarize yourself with AMPscript, particularly the functions listed here. The EncryptSymmetric() and DecryptSymmetric() AMPscript functions work only on data contained in Marketing Cloud Engagement. These functions can't be used with outside or third-party encryption and decryption functionality.

          Key Management Types

          You can use these encryption methods.

          • Asymmetric
          • Symmetric
          • Initialization Vector
          • Salt
          • SSH
          • SSO Metadata

          Choose the encryption method that best serves your needs and the requirements of any of your systems that interact with the email message.

          Asymmetric Encryption

          Asymmetric encryption requires that you upload a certificate from your computer to Marketing Cloud Engagement.

          Symmetric Encryption

          Symmetric encryption requires you to create a passphrase for use with the key.

          Initialization Vector Encryption

          Initialization vector encryption requires you to enter the block of bits to be used as the initialization vector. You can specify the 16-byte IV yourself. If you don't specify an IV, the application derives the IV from the password and salt via the protocols specified in RFC 2898.
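          The fallback described above, as an added sketch that is not Salesforce code: PBKDF2 from RFC 2898 stretches the passphrase and salt into key material, and the IV is taken from it only when no 16-byte IV is supplied. The PRF, iteration count, key size and key-then-IV layout are assumptions, since the page does not state them.

```python
import hashlib
from typing import Optional, Tuple

# Assumed parameters: the page names RFC 2898 but not the PRF, iteration
# count, key size, or how the derived bytes are split into key and IV.
PRF = "sha1"          # HMAC-SHA1, the PRF that RFC 2898 itself defines
ITERATIONS = 1000     # assumption
KEY_LEN = 32          # assumption: AES-256 key
IV_LEN = 16           # the 16-byte IV size stated on the page


def derive_key_and_iv(passphrase: str, salt_hex: str,
                      iv_hex: Optional[str] = None) -> Tuple[bytes, bytes]:
    """Return (key, iv). Use the supplied IV if given, else derive one."""
    salt = bytes.fromhex(salt_hex)  # raises ValueError on non-hex input
    if iv_hex is not None:
        iv = bytes.fromhex(iv_hex)
        if len(iv) != IV_LEN:
            raise ValueError("IV must be exactly 16 bytes")
        key = hashlib.pbkdf2_hmac(PRF, passphrase.encode(), salt,
                                  ITERATIONS, KEY_LEN)
        return key, iv
    # No IV supplied: stretch passphrase+salt into key || IV (assumed layout).
    material = hashlib.pbkdf2_hmac(PRF, passphrase.encode(), salt,
                                   ITERATIONS, KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def iv_is_reused(passphrase: str, salt_hex: str) -> bool:
    """True when two derivations from the same inputs give the same IV."""
    first = derive_key_and_iv(passphrase, salt_hex)[1]
    second = derive_key_and_iv(passphrase, salt_hex)[1]
    return first == second


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    pw, salt = "constructed-passphrase", "00112233445566778899aabbccddeeff"
    key, iv = derive_key_and_iv(pw, salt)
    print("derived IV:", iv.hex(), "| same on every call:", iv_is_reused(pw, salt))
    print("explicit IV:", derive_key_and_iv(pw, salt, "ab" * 16)[1].hex())
```

          A derived IV is a fixed function of the passphrase and salt, so it stays the same for every value encrypted with that pair; specifying the IV yourself is what lets it differ.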

          Salt Encryption

          Salt encryption requires a hex value longer than 8 bits for use as a salt value. The encryption uses random bits generated along with a password or passphrase. The salt value doesn’t include a maximum length value. Use Salt keys to generate JWTs for custom Journey Builder activities. See Encode Custom Activities Using a JWT in for more details.

          SSO Metadata

          SSO Metadata allows you to provide either the required metadata or the URL from which to retrieve that metadata. You can exchange authentication information with an external authentication service to enable SSO functionality for users. Users can authenticate one time for access to multiple systems. Contact your account executive for more information.

          SSO Metadata configuration requires a third-party service provider to enable this feature, and you must contact and engage this provider yourself.

          Salesforce Encryption

          This information applies only to Engagement apps. To encrypt data and text elsewhere within Salesforce, review the Platform Encryption documentation.

          Updated key values don’t require you to change automations or other settings in Engagement. These settings use the updated key values.

          • Create an Encryption Key for Marketing Cloud Engagement
            Create an encryption key for Marketing Cloud Engagement activities.
          • Use a Created Key with AMPscript
            Use AMPscript functions to encrypt and decrypt information stored in a custom data extension. The necessary AMPscript includes the EncryptSymmetric() and DecryptSymmetric() functions.
          • Use a Created Key with File Transfer Activities
            You can configure your file transfer activities in Automation Studio to use either a generated encryption key or an RSA private key you create and supply to Marketing Cloud Engagement. Use this key as part of the process to decrypt a file from an Engagement FTP site and save the contents to a safehouse location. This activity prepares the data for a file import activity. You can also use the key as part of the process to encrypt a file from a safehouse location and save that data to an Engagement file location. That data is saved in preparation for secure data export.
          • Bring Your Own Key for Encryption at Rest
            Provide your own encryption key to help in encrypting data in Marketing Cloud Engagement. This feature uses an RSA2048 encryption key that you generate in your own environment. Use the key as part of encrypting data at rest using Data at Rest Encryption for a Dedicated Database Environment. This feature applies to the top-level account in your tenant and can’t be activated for individual business units. Perform all operations for this feature in the top-level account of your tenant.
          • Create an SSH Key to Use with Marketing Cloud Engagement SFTP
            Create an SSH key to use when authenticating your SFTP account.
           