EncryptionKeySettings

Represents an org’s encryption key settings, such as customer-supplied keys options and key derivation settings. This type extends the Metadata metadata type and inherits its fullName field.

In the package manifest, all organization settings metadata types are accessed using the “Settings” name. See Settings for more details.

File Suffix and Directory Location

EncryptionKeySettings values are stored in the EncryptionKey.settings file in the settings folder. The .settings files are different from other named components because there is only one settings file for each settings component.

Version

EncryptionKeySettings is available in API versions 47.0 and later.

Special Access Rules

To enable EncryptionKeySettings, you need the Customize Application and Manage Encryption Keys permissions.

Fields

Field Name | Field Type | Description
--- | --- | ---
enableCacheOnlyKeys | boolean | Indicates whether the Cache-Only Key Service is available (true) or not (false). The default value is false. If set to true, users can configure a cache-only key callout connection and apply key material stored outside of Salesforce to data on demand.
canOptOutOfDerivationWithBYOK | boolean | Indicates that users can opt out of key derivation processes on a key-by-key basis when they upload key material (true) or can’t (false). The default value is false.
enableReplayDetection | boolean | Indicates whether cache-only key callouts are protected from replay attacks by a nonce (true) or not (false). Requires enableCacheOnlyKeys="true" before setting enableReplayDetection to true.

Declarative Metadata Sample Definition

The following is an example of the EncryptionKey.settings file:
<?xml version="1.0" encoding="UTF-8"?>
<EncryptionKeySettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableCacheOnlyKeys>true</enableCacheOnlyKeys>
    <enableReplayDetection>true</enableReplayDetection>
    <canOptOutOfDerivationWithBYOK>true</canOptOutOfDerivationWithBYOK>
</EncryptionKeySettings>
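
The field rules above can be checked before a deployment. The following Python script is an added example, not part of the Salesforce documentation or tooling: it parses an EncryptionKey.settings document and reports settings that conflict with the enableReplayDetection dependency or that relax key handling. The function names, the finding labels (INVALID, WARN, REVIEW) and the treatment of an absent field as false are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "http://soap.sforce.com/2006/04/metadata"
FIELDS = ("enableCacheOnlyKeys", "enableReplayDetection",
          "canOptOutOfDerivationWithBYOK")

def parse_settings(xml_text):
    """Return {field: bool} from an EncryptionKey.settings document.
    Assumes a trusted file from your own metadata repository."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "{%s}EncryptionKeySettings" % NS:
        raise ValueError("unexpected root element: " + root.tag)
    settings = {}
    for name in FIELDS:
        node = root.find("{%s}%s" % (NS, name))
        # Assumption: an absent field is treated as false (the page gives
        # false as the default for two of the three fields).
        text = "false" if node is None else (node.text or "").strip().lower()
        if text not in ("true", "false"):
            raise ValueError("%s is not a boolean: %r" % (name, text))
        settings[name] = text == "true"
    return settings

def audit(settings):
    """Return findings; labels and wording are this example's own."""
    findings = []
    cache_only = settings["enableCacheOnlyKeys"]
    replay = settings["enableReplayDetection"]
    if replay and not cache_only:
        findings.append("INVALID: enableReplayDetection requires enableCacheOnlyKeys=true")
    if cache_only and not replay:
        findings.append("WARN: cache-only key callouts have no replay-detection nonce")
    if settings["canOptOutOfDerivationWithBYOK"]:
        findings.append("REVIEW: uploaded key material may opt out of key derivation")
    return findings

# PAGE_SAMPLE mirrors the values of the sample definition on this page;
# NO_REPLAY is a constructed input.
PAGE_SAMPLE = """
<EncryptionKeySettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableCacheOnlyKeys>true</enableCacheOnlyKeys>
    <enableReplayDetection>true</enableReplayDetection>
    <canOptOutOfDerivationWithBYOK>true</canOptOutOfDerivationWithBYOK>
</EncryptionKeySettings>"""
NO_REPLAY = """
<EncryptionKeySettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableCacheOnlyKeys>true</enableCacheOnlyKeys>
</EncryptionKeySettings>"""

if __name__ == "__main__":
    for label, doc in (("page sample", PAGE_SAMPLE), ("no replay", NO_REPLAY)):
        print(label, audit(parse_settings(doc)))
```
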

Example Package Manifest

The following is an example package manifest used to deploy or retrieve the encryption key settings metadata for an organization:
<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
    <types>
        <!-- Member name matches the EncryptionKey.settings file name -->
        <members>EncryptionKey</members>
        <name>Settings</name>
    </types>
    <version>47.0</version>
</Package>

Wildcard Support in the Manifest File

The wildcard character * (asterisk) in the package.xml manifest file doesn’t apply to metadata types for feature settings. The wildcard applies only when retrieving all settings, not for an individual setting. For details, see Settings. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.