Encrypted custom fields, such as Social Security Number or
Credit Card Number, are encrypted with a master encryption key. This key is automatically assigned when
you select fields to encrypt. You manage your own master key according to your organization’s security and regulatory
needs.
Required Editions
Note Where possible, we changed noninclusive terms to align with our company value of
Equality. We maintained certain terms to avoid any effect on customer
implementations.
Available in: both Salesforce Classic and Lightning Experience
Available in: all editions
User Permissions
Needed
To create, edit, and manage certificates:
Customize Application
With master encryption keys, you can:
Archive the existing key and create a new key.
Export an existing key after it's been archived.
Delete an existing key.
Import an existing key after it's been deleted.
Note This page is about Classic Encryption, not Shield
Platform Encryption. What's the difference?
Archiving and Creating New Keys
To archive your current key and create a new key, click Archive Current
Key and Create New Key on the Certificate and Key
Management Setup page. A new key is generated, assigned the next
sequential number, and activated. All new data is encrypted using the new key.
Existing data continues to use the archived key until the data is modified and saved.
Then data is encrypted using the new key.
After you archive a key, you can export or delete it.
Exporting Keys
You can export your keys to a back-up location for safe keeping. It's a good idea to export a
copy of any key before deleting it.
Exporting creates a text file with the encrypted key, so you can import the key back into your organization later.
Deleting Keys
Don't delete a key unless you're certain no data is currently encrypted using the
key. After you delete a key, any data encrypted with that key can no longer be
accessed.
Important Export and delete keys with care. If your key is destroyed, you
must reimport it to access your data. You are solely responsible for making sure
your data and keys are backed up and stored in a safe place. Salesforce can’t help
you with deleted, destroyed, or misplaced keys.
Importing Keys
If you have data associated with a deleted key, you can import an exported key back
into your organization. Any data that wasn’t accessible becomes accessible again.
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required Cookies
Always Active
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional Cookies
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising Cookies
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
