Metadata API Developer Guide

Getting Started
Using Metadata API
Reference
File-Based Calls
CRUD-Based Calls
Utility Calls
Result Objects
Metadata Types
Metadata Components and Types
Metadata Coverage Report
Unsupported Metadata Types
Special Behavior in Metadata API Deployments
AccountRelationshipShareRule
ActionLinkGroupTemplate
ActionPlanTemplate
AnalyticSnapshot
AnimationRule
ArticleType
ApexClass
ApexComponent
ApexEmailNotifications
ApexPage
ApexTestSuite
ApexTrigger
AppMenu
AppointmentSchedulingPolicy
ApprovalProcess
AssignmentRules
Audience
AuraDefinitionBundle
AuthProvider
AutoResponseRules
BlacklistedConsumer
Bot
BotVersion
BrandingSet
BusinessProcessGroup
CallCenter
CallCoachingMediaProvider
CampaignInfluenceModel
CaseSubjectParticle
Certificate
ChatterExtension
CleanDataService
CMSConnectSource
Community (Zone)
CommunityTemplateDefinition
CommunityThemeDefinition
ConnectedApp
ContentAsset
CorsWhitelistOrigin
CspTrustedSite
CustomApplication
CustomApplicationComponent
CustomFeedFilter
CustomHelpMenuSection
CustomLabels
Custom Metadata Types (CustomObject)
CustomNotificationType
CustomObject
CustomObjectTranslation
CustomPageWebLink
CustomPermission
CustomSite
CustomTab
CustomValue
Dashboard
DataCategoryGroup
DelegateGroup
Document
DuplicateRule
EclairGeoData
EmailServicesFunction
EmailTemplate
EmbeddedServiceBranding
EmbeddedServiceConfig
EmbeddedServiceFieldService
EmbeddedServiceFlowConfig
EmbeddedServiceLiveAgent
EmbeddedServiceMenuSettings
EntitlementProcess
EntitlementTemplate
EscalationRules
EventDelivery
EventSubscription
ExperienceBundle
ExternalDataSource
ExternalServiceRegistration
FeatureParameterBoolean
FeatureParameterDate
FeatureParameterInteger
FlexiPage
Flow
FlowCategory
FlowDefinition
Folder
GlobalPicklist
GlobalPicklistValue
GlobalValueSet
GlobalValueSetTranslation
Group
HomePageComponent
HomePageLayout
InboundCertificate
InstalledPackage
KeywordList
Layout
Letterhead
LightningBolt
LightningComponentBundle
LightningExperienceTheme
LightningMessageChannel
LightningOnboardingConfig
LiveChatAgentConfig
LiveChatButton
LiveChatDeployment
LiveChatSensitiveDataRule
ManagedContentType
ManagedTopics
MatchingRule
Metadata
MetadataWithContent
MilestoneType
MlDomain
MobileApplicationDetail
ModerationRule
MutingPermissionSet
MyDomainDiscoverableLogin
NamedCredential
NavigationMenu
Network
NetworkBranding
NotificationTypeConfig
OauthCustomScope
Package
PathAssistant
PaymentGatewayProvider
PermissionSet
PermissionSetGroup
PlatformCachePartition
PlatformEventChannel
PlatformEventChannelMember
Portal
PostTemplate
PresenceDeclineReason
PresenceUserConfig
Profile
ProfileActionOverride
ProfilePasswordPolicy
ProfileSessionSetting
Prompt
Queue
QueueRoutingConfig
QuickAction
RedirectWhitelistUrl
RecommendationStrategy
RecordActionDeployment
RemoteSiteSetting
Report
ReportType
Role
RoleOrTerritory
SalesWorkQueueSettings
SamlSsoConfig
Scontrol
ServiceChannel
ServicePresenceStatus
Settings
AccountSettings
AccountInsightsSettings
AccountIntelligenceSettings
ActionsSettings
ActivitiesSettings
AddressSettings
AIReplyRecommendationsSettings
AnalyticsSettings
ApexSettings
AppExperienceSettings
AutomatedContactsSettings
BotSettings
BusinessHoursSettings
CampaignSettings
CaseClassificationSettings
CaseSettings
ChatterAnswersSettings
ChatterEmailMDSettings
ChatterSettings
CommunitiesSettings
CompanySettings
ConnectedAppSettings
ContentSettings
ContractSettings
ConversationalIntelligenceSettings
CurrencySettings
DataDotComSettings
DeploymentSettings
DevHubSettings
EACSettings
EmailAdministrationSettings
EmailIntegrationSettings
EmailTemplateSettings
EnhancedNotesSettings
EncryptionKeySettings
EntitlementSettings
EventSettings
ExperienceBundleSettings
FieldServiceSettings
FileUploadAndDownloadSecuritySettings
FlowSettings
ForecastingSettings
HighVelocitySalesSettings
IdeasSettings
IframeWhiteListUrlSettings
IndustriesSettings
InvocableActionSettings
IoTSettings
KnowledgeSettings
LanguageSettings
LeadConfigSettings
LeadConvertSettings
LiveAgentSettings
LightningExperienceSettings
LiveMessageSettings
MacroSettings
MapAndLocationSettings
MobileSettings
MyDomainSettings
NameSettings
NotificationsSettings
ObjectLinkingSettings (Beta)
OmniChannelSettings
OpportunityInsightsSettings
OpportunitySettings
OpportunityScoreSettings
OrderManagementSettings
OrderSettings
OrgPreferenceSettings
OrgSettings
PartyDataModelSettings
PardotSettings
PardotEinsteinSettings
PathAssistantSettings
PicklistSettings
PlatformEncryptionSettings
PredictionBuilderSettings
PrivacySettings
ProductSettings
QuoteSettings
RecordPageSettings
SchemaSettings
SearchSettings
SecuritySettings
SharingSettings
SiteSettings
SocialCustomerServiceSettings
SocialProfileSettings
SourceTrackingSettings (Beta)
SurveySettings
Territory2Settings
TrailheadSettings
TrialOrgSettings
UserEngagementSettings
UserInterfaceSettings
UserManagementSettings
VoiceSettings
WorkDotComSettings
SharedTo
SharingBaseRule
SharingRules
SharingSet
SiteDotCom
Skill
StandardValueSet
StandardValueSetTranslation
StaticResource
SynonymDictionary
Territory
Territory2
Territory2Model
Territory2Rule
Territory2Type
TimeSheetTemplate
TopicsForObjects
TransactionSecurityPolicy
Translations
UserCriteria
UserProvisioningConfig
WaveApplication
WaveDataflow
WaveDashboard
WaveDataset
WaveLens
WaveRecipe
WaveTemplateBundle
WaveXmd
WebStoreTemplate
Workflow
WorkSkillRouting
Headers
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

PlatformEncryptionSettings

Represents an org’s Platform Encryption settings, such as settings for available encryption schemes, permissions, encryption policy access, and which fields can be encrypted. This type extends the Metadata metadata type and inherits its fullName field.

In the package manifest, all organization settings metadata types are accessed using the “Settings” name. See Settings for more details.

File Suffix and Directory Location

PlatformEncryptionSettings values are stored in the PlatformEncryption.settings file in the settings folder. The .settings files are different from other named components because there is only one settings file for each settings component.

Version

PlatformEncryptionSettings is available in API versions 47.0 and later.

Special Access Rules

To enable and disable PlatformEncryptionSettings attributes, you need the Customize Application permission. Attributes that allow key management tasks require the Manage Encryption Keys permission. For a complete list of required permissions, read Which User Permissions Does Shield Platform Encryption Require?.

Fields

Field Name Field Type Description
canEncryptManagedPackageFields boolean Indicates whether users can enable encryption on custom fields in installed managed packages (true) or not (false).
isUseHighAssuranceKeysRequired boolean Indicates whether key management actions require a second form of authentication (true) or not (false). The second form of authentication can be an app like Salesforce Authenticator, a Yubikey, or other time-based one time password. The default value is false.

When enabled, admins without two-factor authentication can’t manage encryption key material.

Warning
isMEKForEncryptionRequired boolean Indicates whether encryption policy tasks, such as enabling encryption on fields, also require the Manage Encryption Keys permission (true) or not (false), in addition to those tasks’ baseline permissions.
enableDeterministEncryption boolean Indicates whether customers apply the deterministic encryption scheme to supported fields (true) or not (false). The deterministic encryption scheme lets customers filter on encrypted data..
enableEncryptFieldHistory boolean Indicates whether the background encryption process applies the customer's active key material to field history and feed tracking values (true) or not (false). The default value is false. If false, background encryption processes apply active key material to all encrypted data except duplicates of that data stored in field history or feed tracking.
enableEventBusEncryption boolean Indicates whether events are encrypted at rest in the event bus (true) or not (false). The events include change data capture events and platform events. The default value is false. If false, events aren't encrypted and are stored in clear text in the event bus.

Generate or upload key material of the Event Bus type before turning on the enableEventBusEncryption setting.

Warning

Declarative Metadata Sample Definition

The following is an example of the PlatformEncryption.settings file: 
1<?xml version="1.0" encoding="UTF-8"  standalone="yes"?>
2<PlatformEncryptionSettings xmlns="http://soap.sforce.com/2006/04/metadata">
3    <canEncryptManagedPackageFields>true</canEncryptManagedPackageFields>
4    <isUseHighAssuranceKeysRequired>true</isUseHighAssuranceKeysRequired>
5    <isMEKForEncryptionRequired>true</isMEKForEncryptionRequired>
6    <enableDeterministEncryption>true</enableDeterministEncryption>
7    <enableEncryptFieldHistory>true</enableEncryptFieldHistory>
8    <enableEventBusEncryption>true</enableEventBusEncryption>
9</PlatformEncryptionSettings>

Example Package Manifest

The following is an example package manifest used to deploy or retrieve the Platform Encryption settings metadata for an organization:
1<?xml version="1.0" encoding="UTF-8"?>
2<Package xmlns="http://soap.sforce.com/2006/04/metadata">
3    <types>
4        <members>Platform Encryption</members>
5        <name>Settings</name>
6    </types>
7    <version>47.0</version>
8</Package>

Wildcard Support in the Manifest File

The wildcard character * (asterisk) in the package.xml manifest file doesn’t apply to metadata types for feature settings. The wildcard applies only when retrieving all settings, not for an individual setting. For details, see Settings. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.