Skip to main content
GroupsOfficial: Shield and Security CenterAyu P's Question
Ayu P asked in Official: Shield and Security Center
Feb 15, 2025, 12:36 AM

A team recently implemented the Shield platform encryption and was wondering what needs to be maintained after implementation?

 1. Do I have to export the key from production and store in my system?  

2. Do I have to rotate the key for each Salesforce release ( any reference on how to do it)?  

3. Is the key different for production and sandbox?  

#Salesforce Developer #Data Management #Salesforce Admin #Security

1 answer
  1. Mike Smith (Salesforce)
    Feb 18, 2025, 12:11 AM

    1. This is highly recommended. If someone were to maliciously or accidentally destroy a tenant secret, your exported key can be reimported. https://help.salesforce.com/s/articleView?id=xcloud.security_pe_import_export_keys.htm&type=5

     

    2. This is not required. You should rotate keys based on your organization's security policy.

    https://help.salesforce.com/s/articleView?id=xcloud.security_pe_rotate_keys.htm&type=5

     

    3. Not by default. It is a best practice to do a key rotation upon sandbox refresh or creation.

    https://help.salesforce.com/s/articleView?id=xcloud.security_pe_sandboxes.htm&type=5

Write an answer...
0/9000