In this blog, I am going to explain how to setup platform encryption basic setup which includes setup your tenant secret keys, Creating an encrypted fields and files, tenant secret key life cycle.
Do we need any special permission?
Before setup the platform encryption, the user need this permission.
Manage Encryption Keys – To create a Tenant Secret keys.
View Encrypted Data – To view the encrypted data.
Generate a Tenant Secret
Platform encryption works based on the Tenant Secret and Master Secret keys. The master secret key is managed by the salesforce and rotates for every release. whereas Tenant Secret is An organization-specific secret used in conjunction with the master secret and key derivation function to generate a derived data encryption key. When an organization administrator rotates a key, a new tenant secret is generated. to generate the Tenant Secret go to Setup, enter Platform Encryption in the Quick Find box, then select Platform Encryption. Select Generate Tenant Secret as shown below . The platform encryption link is under Security Control.
As an admin, you can able to manage the tenant secret keys life cycle like archive and active and destroy as shown below. You can rotate your tenant secret key for every 24 hrs in production.
Encryption on fields and Files
With the new platform encryption, you can be able to encrypt the fields and Files.
What Standard fields are support encryption?
Salesforce support the following standard fields on Account, contact, and Case are encryption
How to encrypt the files?
in order to encrypt the files, go to setup — > Security Control — > Platform Encryption.
Under File and Field encryption check the Encrypted fields and attachment and save it
That’s it. Now you are good to enjoy the platform encryption future
How to create an encrypted field?
Now we are going to create a new custom field on contact called SSN which is encrypted .goto Setup -> Customize > Contact fields –> create a new custom some field SSN with Text data type
as shown below. Make Sure encrypted checkbox is checked. Save the field.
After contact record is created, the SSN values are encrypted as shown below
File encryption looks as shown below.