Salesforce Shield

To set up Akeyless KMS Integration with Salesforce Shield, follow these steps:

  1. Create an OAuth 2.0 app in Salesforce with permissions to manage encryption keys, and activate the BYOK functionality.

  2. Create a new Salesforce Target in the Akeyless Vault. You can do it either from the Akeyless CLI or in the Akeyless Console.

  3. Create a classic key in the Akeyless Vault. You can do it either from the Akeyless CLI or in the Gateway Configuration Manager.

You can also upload the keys that currently exist outside of the Akeyless Vault.

Tip: Any classic key will be protected using the Akeyless DFC key (you can select a DFC key with Zero-Knowledge Encryption).

The following key types are supported: AES256GCM.

  4. Make sure to associate the key with the Salesforce Target. When you attach a key, a copy of the key material is securely transferred to Salesforce in accordance with its key import specification.

For Salesforce targets, you'll need the following parameter for the assoc-target-item command:

  • tenant-secret-type: The tenant secret type. Possible values: Data, SearchIndex, Analytics. There should be only one key of each type in Salesforce.
