Object Reference for Salesforce and Lightning Platform

Object Basics
Reference
Standard Objects
AcceptedEventRelation
Account
AccountBrand
AccountContactRelation
AccountCleanInfo
AccountContactRole
AccountInsight
AccountOwnerSharingRule
AccountPartner
AccountRelationship
AccountRelationshipShareRule
AccountShare
AccountTag
AccountTeamMember
AccountTerritoryAssignmentRule
AccountTerritoryAssignmentRuleItem
AccountTerritorySharingRule
AccountUserTerritory2View
ActionCadence
ActionCadenceRule
ActionCadenceRuleCondition
ActionCadenceStep
ActionCadenceStepTracker
ActionCadenceTracker
ActionLinkGroupTemplate
ActionLinkTemplate
ActionPlan
ActionPlanItem
ActionPlanTemplate
ActionPlanTemplateItem
ActionPlanTemplateItemValue
ActionPlanTemplateVersion
ActiveScratchOrg
ActivityHistory
ActivityMetric
AdditionalNumber
Address
AgentWork
AgentWorkSkill
AIInsightAction
AIInsightFeedback
AIInsightReason
AIInsightValue
AIRecordInsight
AllowedEmailDomain
Announcement
ApexClass
ApexComponent
ApexLog
ApexPage
ApexPageInfo
ApexTestQueueItem
ApexTestResult
ApexTestResultLimits
ApexTestRunResult
ApexTestSuite
ApexTrigger
AppAnalyticsQueryRequest
AppDefinition
AppExtension
AppMenuItem
AppleDomainVerification
AppointmentSchedulingPolicy
Approval
AppTabMember
Article Type__DataCategorySelection
Asset
AssetDowntimePeriod
AssetOwnerSharingRule
AssetRelationship
AssetShare
AssetTag
AssetTokenEvent
AssetWarranty
AssignedResource
AssignmentRule
AssociatedLocation
AsyncApexJob
AttachedContentDocument
AttachedContentNote
Attachment
Audience
AuraDefinition
AuraDefinitionBundle
AuraDefinitionBundleInfo
AuraDefinitionInfo
AuthConfig
AuthConfigProviders
AuthorizationForm
AuthorizationFormConsent
AuthorizationFormDataUse
AuthorizationFormText
AuthProvider
AuthSession
BackgroundOperation
BackgroundOperationResult
BatchApexErrorEvent
Bookmark
BrandTemplate
BusinessHours
BusinessProcess
BusinessProcessDefinition
BusinessProcessFeedback
BusinessProcessGroup
BuyerGroupPricebook
Calendar
CalendarView
CallCenter
CallCoachConfigModifyEvent
CallCoachingMediaProvider
CallDisposition
CallDispositionCategory
CallTemplate
Campaign
CampaignInfluence
CampaignInfluenceModel
CampaignMember
CampaignMemberStatus
CampaignOwnerSharingRule
CampaignShare
CampaignTag
CardPaymentMethod
CartCheckoutSession
CartDeliveryGroup
CartDeliveryGroupMethod
CartItem
CartTax
CartValidationOutput
Case
CaseArticle
CaseComment
CaseContactRole
CaseHistory
CaseMilestone
CaseOwnerSharingRule
CaseShare
CaseSolution
CaseStatus
CaseSubjectParticle
CaseTag
CaseTeamMember
CaseTeamRole
CaseTeamTemplate
CaseTeamTemplateMember
CaseTeamTemplateRecord
CategoryData
CategoryNode
CategoryNodeLocalization
ChannelObjectLinkingRule
ChannelProgram
ChannelProgramLevel
ChannelProgramMember
ChatterActivity
ChatterAnswersActivity
ChatterAnswersReputationLevel
ChatterConversation
ChatterConversationMember
chatterExtension
chatterExtensionConfig
ChatterMessage
ClientBrowser
CollaborationGroup
CollaborationGroupMember
CollaborationGroupMemberRequest
CollaborationGroupRecord
CollaborationInvitation
CollabUserEngagementMetric
CollabUserEngmtRecordLink
ColorDefinition
CombinedAttachment
CommerceEntitlementBuyerGroup
CommerceEntitlementPolicy
CommerceEntitlementPolicyShare
CommerceEntitlementProduct
CommSubscription
CommSubscriptionChannelType
CommSubscriptionConsent
CommSubscriptionTiming
Community (Zone)
ConnectedApplication
Consumption Rate
Consumption Schedule
Contact
ContactCleanInfo
ContactPointAddress
ContactPointConsent
ContactPointEmail
ContactPointPhone
ContactPointTypeConsent
ContactOwnerSharingRule
ContactRequest
ContactRequestShare
ContactShare
ContactSuggestionInsight
ContactTag
ContentAsset
ContentBody
ContentDistribution
ContentDistributionView
ContentDocument
ContentDocumentHistory
ContentDocumentLink
ContentDocumentListViewMapping
ContentDocumentSubscription
ContentFolder
ContentFolderItem
ContentFolderLink
ContentFolderMember
ContentHubItem
ContentHubRepository
ContentNote
ContentNotification
ContentTagSubscription
ContentUserSubscription
ContentVersion
ContentVersionComment
ContentVersionHistory
ContentVersionRating
ContentWorkspace
ContentWorkspaceDoc
ContentWorkspaceMember
ContentWorkspacePermission
ContentWorkspaceSubscription
Contract
ContractContactRole
ContractLineItem
ContractStatus
ContractTag
Conversation
ConversationContextEntry
ConversationEntry
ConversationParticipant
CorsWhitelistEntry
CreditMemo
CreditMemoLine
Crisis
CronJobDetail
CronTrigger
CspTrustedSite
CurrencyType
CustomBrand
CustomBrandAsset
CustomHelpMenuItem
CustomHelpMenuSection
CustomHttpHeader
CustomNotificationType
CustomPermission
CustomPermissionDependency
DandBCompany
Dashboard
DashboardComponent
DashboardTag
DataAssessmentFieldMetric
DataAssessmentMetric
DataAssessmentValueMetric
DatacloudCompany
DatacloudContact
DatacloudDandBCompany
DatacloudOwnedEntity
DatacloudPurchaseUsage
DatacloudSocialHandle
DataIntegrationRecordPurchasePermission
DatasetExport
DatasetExportPart
DataUseLegalBasis
DataUsePurpose
DatedConversionRate
DcSocialProfile
DcSocialProfileHandle
DeclinedEventRelation
DelegatedAccount
DeleteEvent
DigitalSignature
DigitalWallet
DirectMessage
Division
DivisionLocalization
Document
DocumentAttachmentMap
DocumentTag
Domain
DomainSite
DsarPolicy
DsarPolicyLog
DuplicateJob
DuplicateJobDefinition
DuplicateJobMatchingRule
DuplicateJobMatchingRuleDefinition
DuplicateRecordItem
DuplicateRecordSet
DuplicateRule
ElectronicMediaGroup
ElectronicMediaUse
EmailContent
EmailDomainFilter
EmailDomainKey
EmailMessage
EmailMessageRelation
EmailRelay
EmailServicesAddress
EmailServicesFunction
EmailStatus
EmailTemplate
EmbeddedServiceDetail
Employee
EmployeeCrisisAssessment
EngagementChannelType
EmbeddedServiceLabel
EnhancedLetterhead
Entitlement
EntitlementContact
EntitlementTemplate
EntityHistory
EntityMilestone
EntitySubscription
EnvironmentHubMember
Event
EventLogFile
EventRelation
EventBusSubscriber
EventTag
EventWhoRelation
Expense
ExpenseReport
ExpenseReportEntry
ExpressionFilter
ExpressionFilterCriteria
ExternalAccountHierarchy
ExternalAccountHierarchyHistory
ExternalDataSource
ExternalDataUserAuth
ExternalSocialAccount
FeedAttachment
FeedComment
FeedItem
FeedLike
FeedPollChoice
FeedPollVote
FeedPost
FeedRevision
feedSignal
FeedTrackedChange
FieldHistoryArchive
FieldPermissions
FieldSecurityClassification
FieldServiceMobileSettings
FiscalYearSettings
FlexQueueItem
FlowDefinitionView
FlowInterview
FlowInterviewOwnerSharingRule
FlowInterviewShare
FlowRecordRelation
FlowStageRelation
FlowVariableView
FlowVersionView
Folder
FolderedContentDocument
ForecastingAdjustment
ForecastingDisplayedFamily
ForecastingFact
ForecastingItem
ForecastingOwnerAdjustment
ForecastingQuota
ForecastingShare
ForecastingType
ForecastingUserPreference
FormulaFunction
FormulaFunctionAllowedType
FormulaFunctionCategory
FulfillmentOrder
FulfillmentOrderItemAdjustment
FulfillmentOrderItemTax
FulfillmentOrderLineItem
GtwyProvPaymentMethodType
Goal
GoalLink
GoogleDoc
Group
GroupMember
HashtagDefinition
HealthCareDiagnosis
HealthCareProcedure
Holiday
IconDefinition
Idea
IdeaComment
IdeaReputation
IdeaReputationLevel
IdeaTheme
IdpEventLog
IframeWhiteListUrl
Image
Individual
IndividualHistory
IndividualShare
InternalOrganizationUnit
Invoice
InvoiceLine
JobProfile
Knowledge__Feed
Knowledge__ka
Knowledge__kav
Knowledge__DataCategorySelection
KnowledgeableUser
KnowledgeArticle
KnowledgeArticleVersion
KnowledgeArticleVersionHistory
KnowledgeArticleViewStat
KnowledgeArticleVoteStat
LandingPage
Lead
LeadCleanInfo
LeadOwnerSharingRule
LeadShare
LeadStatus
LeadTag
LegalEntity
LightningExperienceTheme
LightningOnboardingConfig
LightningToggleMetrics
LightningUsageByAppTypeMetrics
LightningUsageByBrowserMetrics
LightningUsageByPageMetrics
LightningUsageByFlexiPageMetrics
LightningExitByPageMetrics
LinkedArticle
LinkedArticleFeed
LinkedArticleHistory
ListEmail
ListEmailIndividualRecipient
ListEmailRecipientSource
ListView
ListViewChart
ListViewChartInstance
LiveAgentSession
LiveAgentSessionHistory
LiveAgentSessionShare
LiveChatBlockingRule
LiveChatButton
LiveChatButtonDeployment
LiveChatButtonSkill
LiveChatDeployment
LiveChatSensitiveDataRule
LiveChatTranscript
LiveChatTranscriptEvent
LiveChatTranscriptShare
LiveChatTranscriptSkill
LiveChatUserConfig
LiveChatUserConfigProfile
LiveChatUserConfigUser
LiveChatVisitor
Location
LocWaitlistMsgTemplate
LocationWaitlist
LocationWaitlistedParty
LoginEvent
LoginGeo
LoginHistory
LoginIp
LogoutEventStream
LookedUpFromActivity
Macro
MacroInstruction
MacroUsage
MailmergeTemplate
MaintenanceAsset
MaintenancePlan
MaintenanceWorkRule
ManagedContentInfo
MarketingForm
MarketingLink
MatchingRule
MatchingRuleItem
MessagingChannel
MessagingChannelSkill
MessagingConfiguration
MessagingDeliveryError
MessagingEndUser
MessagingLink
MessagingSession
MessagingTemplate
MetadataPackage
MetadataPackageVersion
Metric
MetricDataLink
MetricsDataFile
MilestoneType
MobileSettingsAssignment
MsgChannelLanguageKeyword
MyDomainDiscoverableLogin
MutingPermissionSet
Name
NamedCredential
NamespaceRegistry
NavigationLinkSet
NavigationMenuItem
NavigationMenuItemLocalization
Network
NetworkActivityAudit
NetworkAffinity
NetworkDiscoverableLogin
NetworkMember
NetworkMemberGroup
NetworkModeration
NetworkPageOverride
NetworkSelfRegistration
NetworkUserHistoryRecent
Note
NoteAndAttachment
NoteTag
OauthCustomScope
OauthCustomScopeApp
OauthToken
ObjectPermissions
ObjectTerritory2AssignmentRule
ObjectTerritory2AssignmentRuleItem
ObjectTerritory2Association
OpenActivity
OperatingHours
OperatingHoursHistory
Opportunity
OpportunityCompetitor
OpportunityContactRole
OpportunityContactRoleSuggestionInsight
OpportunityFieldHistory
OpportunityHistory
OpportunityInsight
OpportunityLineItem
OpportunityLineItemSchedule
OpportunityOwnerSharingRule
OpportunityPartner
OpportunityShare
OpportunitySplit
OpportunitySplitType
OpportunityStage
OpportunityTag
OpportunityTeamMember
Order
OrderAdjustmentGroup
OrderAdjustmentGroupSummary
OrderDeliveryGroup
OrderDeliveryGroupSummary
OrderDeliveryMethod
OrderHistory
OrderItem
OrderItemAdjustmentLineItem
OrderItemAdjustmentLineSummary
OrderItemSummary
OrderItemSummaryChange
OrderItemTaxLineItem
OrderItemTaxLineItemSummary
OrderItemType
OrderOwnerSharingRule
OrderPaymentSummary
OrderShare
OrderStatus
OrderSummary
Organization
OrgDeleteRequest
OrgWideEmailAddress
OutOfOffice
OutgoingEmail
OutgoingEmailRelation
OwnedContentDocument
OwnerChangeOptionInfo
PackageLicense
PackagePushError
PackagePushJob
PackagePushRequest
PackageSubscriber
Partner
PartnerFundAllocation
PartnerFundClaim
PartnerFundRequest
PartnerMarketingBudget
PartnerNetworkConnection
PartnerNetworkRecordConnection
PartnerNetworkSyncLog
PartnerRole
PartyConsent
Payment
PaymentAuthorization
PaymentGateway
PaymentGatewayLog
PaymentGatewayProvider
PaymentGroup
PaymentLineInvoice
PaymentMethod
PendingServiceRouting
Period
PermissionSet
PermissionSetAssignment
PermissionSetGroup
PermissionSetGroupComponent
PermissionSetLicense
PermissionSetLicenseAssign
PermissionSetTabSetting
PersonalizationTargetInfo
PlatformAction
PlatformEventUsageMetric
PlatformStatusAlertEvent
PortalDelegablePermissionSet
PresenceConfigDeclineReason
PresenceDeclineReason
PresenceUserConfig
PresenceUserConfigProfile
PresenceUserConfigUser
Pricebook2
Pricebook2History
PricebookEntry
ProcessDefinition
ProcessException
ProcessInstance
ProcessInstanceHistory
ProcessInstanceStep
ProcessInstanceNode
ProcessInstanceWorkitem
ProcessNode
Product2
Product2DataTranslation
ProductCategory
ProductCategoryDataTranslation
ProductConsumed
ProductEntitlementTemplate
ProductItem
ProductItemTransaction
ProductMedia
ProductRequest
ProductRequestLineItem
ProductRequired
ProductTransfer
ProductWarrantyTerm
Profile
ProfileSkill
ProfileSkillEndorsement
ProfileSkillShare
ProfileSkillUser
Prompt
PromptAction
PromptActionOwnerSharingRule
PromptActionShare
PromptLocalization
PromptVersion
PromptVersionLocalization
PushTopic
QueueRoutingConfig
Question
QuestionDataCategorySelection
QuestionReportAbuse
QuestionSubscription
QueueSobject
QuickText
QuickTextUsage
Quote
QuoteDocument
QuoteLineItem
RecentlyViewed
Recommendation
RecordAction
RecordActionHistory
RecordType
RecordTypeLocalization
RecordVisibility (Pilot)
RedirectWhitelistUrl
Refund
RefundLinePayment
RegisteredExternalService
RemoteKeyCalloutEvent
Reply
ReplyReportAbuse
ReplyText
Report
ReportTag
ReputationLevel
ReputationLevelLocalization
ReputationPointsRule
ResourceAbsence
ResourcePreference
ReturnOrder
ReturnOrderItemAdjustment
ReturnOrderItemTax
ReturnOrderLineItem
ReturnOrderOwnerSharingRule
RuleTerritory2Association
SalesAIScoreCycle
SalesAIScoreModelFactor
SalesChannel
SalesWorkQueueSettings
SamlSsoConfig
Scontrol
ScontrolLocalization
ScratchOrgInfo
SearchPromotionRule
SecureAgent
SecureAgentsCluster
SecurityCustomBaseline
SelfServiceUser
ServiceAppointment
ServiceAppointmentStatus
ServiceChannel
ServiceChannelFieldPriority
ServiceChannelStatus
ServiceChannelStatusField
ServiceContract
ServiceContractOwnerSharingRule
ServiceCrew
ServiceCrewMember
ServiceCrewOwnerSharingRule
ServicePresenceStatus
ServiceReport
ServiceReportLayout
ServiceResource
ServiceResourceCapacity
ServiceResourceCapacityHistory
ServiceResourceOwnerSharingRule
ServiceResourceSkill
ServiceTerritory
ServiceTerritoryLocation
ServiceTerritoryMember
ServiceTerritoryWorkType
SessionPermSetActivation
SetupAuditTrail
SetupEntityAccess
ShapeRepresentation
Shift
ShiftHistory
ShiftOwnerSharingRule
ShiftShare
ShiftStatus
Shipment
SignupRequest
Site
SiteDetail
SiteDomain
SiteHistory
SiteIframeWhitelistUrl
Skill
SkillProfile
SkillRequirement
SkillUser
SlaProcess
Snippet
SnippetAssignment
SocialPersona
SocialPost
Solution
SolutionStatus
SolutionTag
SOSDeployment
SOSSession
SOSSessionActivity
Stamp
StampAssignment
StaticResource
StoreIntegratedService
StreamingChannel
Salesforce Surveys Object Model
Survey
SurveyEmailBranding
SurveyEngagementContext
SurveyInvitation
SurveyPage
SurveyQuestion
SurveyQuestionChoice
SurveyQuestionResponse
SurveyQuestionScore
SurveyResponse
SurveySubject
SurveyVersion
SurveyVersionAddlInfo
TabDefinition
TagDefinition
Task
TaskPriority
TaskRelation
TaskStatus
TaskTag
TaskWhoRelation
TenantSecret
Territory
Territory2
Territory2Model
Territory2ModelHistory
Territory2Type
TestSuiteMembership
ThirdPartyAccountLink
ThreatDetectionFeedback
TimeSheet
TimeSheetEntry
TimeSlot
TimeSlotHistory
Topic
TopicAssignment
TopicLocalization—Beta
TopicUserEvent
TransactionSecurityPolicy
Translation
TwoFactorInfo
TwoFactorMethodsInfo
TwoFactorTempCode
UiFormulaCriterion
UiFormulaRule
UndecidedEventRelation
User
UserAccountTeamMember
UserAppInfo
UserAppMenuCustomization
UserAppMenuItem
UserAuthCertificate
UserConfigTransferButton
UserConfigTransferSkill
UserCustomBadge
UserCustomBadgeLocalization
UserDevice
UserDeviceApplication
UserDeviceHistory
UserEmailCalendarSync
UserEmailPreferredPerson
UserEmailPreferredPersonShare
UserLicense
UserListView
UserListViewCriterion
UserLogin
UserMembershipSharingRule
UserPackageLicense
UserPermissionAccess
UserPreference
UserProfile
UserProvAccount
UserProvAccountStaging
UserProvMockTarget
UserProvisioningConfig
UserProvisioningLog
UserProvisioningRequest
UserRecordAccess
UserRole
UserServicePresence
UserShare
UserTeamMember
UserTerritory
UserTerritory2Association
UserWorkList
UserWorkListItem
VerificationHistory
VisualforceAccessMetrics
VoiceCall
VoiceCallFeed
VoiceCallList
VoiceCallListItem
VoiceCallQualityFeedback
VoiceCallRecording
VoiceCoaching
VoiceLocalPresenceNumber
VoiceMailContent
VoiceMailGreeting
VoiceMailMessage
VoiceUserLine
VoiceUserPreferences
VoiceVendorInfo
VoiceVendorLine
Vote
WarrantyTerm
WaveAutoInstallRequest
WebCart
WebCartHistory
WebLink
WebLinkLocalization
WebStore
WebStoreCatalog
WebStorePricebook
Wishlist (Beta)
WishlistItem (Beta)
WorkAccess
WorkAccessShare
WorkBadge
WorkBadgeDefinition
WorkCoaching
WorkFeedback
WorkFeedbackQuestion
WorkFeedbackQuestionSet
WorkFeedbackRequest
WorkGoal
WorkGoalCollaborator
WorkGoalCollaboratorHistory
WorkGoalHistory
WorkGoalLink
WorkGoalShare
WorkOrder
WorkOrderHistory
WorkOrderLineItem
WorkOrderLineItemHistory
WorkOrderLineItemStatus
WorkOrderShare
WorkOrderStatus
WorkPerformanceCycle
WorkReward
WorkRewardFund
WorkRewardFundType
WorkThanks
WorkType
WorkTypeGroup
WorkTypeGroupMember
Custom Objects
Associated Objects (Feed, History, OwnerSharingRule, and Share Objects)
Data Model
PDF

Newer Version Available

This content describes an older version of this product. View Latest

TenantSecret

This object stores an encrypted organization-specific key fragment that is used with the master secret to produce organization-specific data encryption keys. This object is available in API version 34.0 and later.

You can rotate tenant secrets of the Data type once every four hours in a sandbox org or every 24 hours in production orgs. You can rotate tenant secrets of the SearchIndex type once every seven days.

This information is about Shield Platform Encryption and not Classic Encryption.

Note

Supported Calls

create(), query(), retrieve(), update()

Fields

Field Name Details
Description
Type
textarea
Properties
Create, Nillable, Update
Description

The description of the tenant secret.
KeyDerivationMode
Type
picklist
Properties
Create, Filter, Group, Restricted picklist, Sort
Description
The key derivation mode applied to customer-supplied key material. Modes are:
PBKDF2
The customer-supplied key material is used by the Shield KMS to create a derived data encryption key.
NONE
The customer-supplied key material is used by the Shield KMS as the final data encryption key to directly encrypt and decrypt data.

Available in API version 43.0 and later.
RemoteKeyCertificate
Type
string
Properties
Create, Filter, Group, Nillable, Sort, Update
Description
The name of the certificate whose public key is used to encrypt the SecretValue during a remote key callout.

Available in API version 45.0 and later.
RemoteKeyIdentifier
Type
string
Properties
Create, Filter, Group, Nillable, Sort
Description
A unique key identifier for key material fetched from a remote key service.

Available in API version 45.0 and later.
RemoteKeyServiceID
Type
reference
Properties
Create, Filter, Group, Nillable, Sort, Update
Description
The named credential used to fetch remote key material from a remote key service.

Available in API version 45.0 and later.
SecretValue
Type
base64
Properties
Create, Nillable, Update
Description

The encrypted 256-bit secret value encoded in base64.
SecretValueCertificate
Type
string
Properties
Create, Filter, Group, Nillable, Sort, Update
Description

The certificate needed to upload a customer-supplied tenant secret. Each certificate has a unique name.
SecretValueHash
Type
base64
Properties
Create
Description

The matching tenant secret hash for an uploaded customer-supplied tenant secret.
Source
Type
picklist
Properties
Create, Defaulted on create, Filter, Group, Restricted picklist, Sort
Description
The source of the encryption key material. Values are:
HSM
A Salesforce-generated tenant secret.
Uploaded
A customer-supplied tenant secret or data encryption key.
Remote
A tenant secret or data encryption key fetched from a key service outside of Salesforce. Available in API version 44.0 and later.

Tenant secrets with a Source value of Remote are listed as Fetched on the Key Management page in Setup.

Note

Available in API version 43.0 and later.
Status
Type
picklist
Properties
Filter, Group, Nillable, Restricted picklist, Sort, Update
Description
The status of the tenant secret. Values are:
Active
Can be used to encrypt and decrypt new or existing data.
Archived
Can’t encrypt new data. Can be used to decrypt data previously encrypted with this key when it was active.
Destroyed
Can’t encrypt or decrypt data. Data encrypted with this key when it was active can no longer be decrypted. Files and attachments encrypted with this key can no longer be downloaded.

You can update the Status field through the API in versions 44.0 or later.
Type
Type
picklist
Properties
Create, Defaulted on create, Filter, Group, Restricted picklist, Sort
Description
The type of tenant secret. The Type field is available in API version 39.0 and later. The following values appear in the Type picklist:
  • Data—data stored in the Salesforce database. Includes data in encrypted fields, files, and attachments but not search index files. Tenant secrets created in API version 34.0 and later default to the Data type.
  • SearchIndex—search index files (available in API version 39.0 and later).
  • Analytics—Einstein Analytics data (available in API version 39.0 and later).
  • DeterministicData—data stored in the Salesforce database. Includes data in encrypted fields, files, and attachments, but not search index files (available in API version 39.0 and later).
  • EventBus—Change Data Capture event data (available in API version 43.0 and later). Change Data Capture is part of a pilot.
Version
Type
int
Properties
Filter, Group, idLookup, Sort
Description

The version number of this secret. The version number is unique within your org.

Usage

Use this object to create or update an org-specific tenant secret or customer-supplied key material.

Example 1: Build an automated tenant secret creation and activation solution similar to the following.

  1. Start by creating an Apex class to create the tenant secret. Specify the value of the tenant secret to encrypt data of a particular type.
    1global class CreateNewSecret implements Schedulable {
2   global void execute(SchedulableContext SC) {
3      TenantSecret secret = new TenantSecret ();
4      secret.description = 'Created new secret from scheduled job';
5      secret.type= ‘SearchIndex’;
6      insert secret;
7   }
8}

    Type is available in API version 39.0 and later. Type is optional; all tenant secrets default to the Data type.

    Note

  2. Schedule the Apex class to run at the specified interval.

    This Apex code only needs to be run a single time to schedule the job. This code runs the job every 90 days.

    1CreateNewSecret secret = new CreateNewSecret();
2String schedule = '0 0 0 1 JAN,APR,JUL,OCT ?';
3String jobID = system.schedule('Automated secret creation and activation', schedule, secret);
  3. Validate that the job is scheduled.
  4. Validate that tenant secrets are created after the job is run.
Example 2: Upload a customer-supplied tenant secret or customer-supplied data encryption key.
  1. Create a certificate that’s compatible with customer-supplied key material. See Generate a BYOK-Compatible Certificate in Salesforce Help.
  2. Then upload your matching key material and key material hash. Include the unique name of the compatible certificate. The key material is uploaded in encrypted form.
    1TenantSecret secret = new TenantSecret ();
2      secret.description = 'New uploaded secret';
3      secret.type= ‘Data’;
4      secret.SecretValue = ...
5      EncodingUtil.base64Decode('...');;
6      secret.SecretValueCertificate = ...;
7      secret.SecretValueHash = ...
8      EncodingUtil.base64Decode('...');
9      insert secret;

    You can use this script to generate a customer-supplied tenant secret and tenant secret hash.

  3. Validate that the key material is uploaded.

Example 3: Opt out of key derivation on a key-by-key basis when you upload key material. When you upload your key material, specify ‘Source’:Uploaded and 'KeyDerivationMode':'NONE', and set non-null values for the SecretValueCertificate, SecretValue, and SecretValueHash.

Example 4: Import a tenant secret of the Data type.

1TenantSecret secret = [SELECT Id FROM TenantSecret WHERE Type = ‘Data’ AND Version = 2];
2secret.SecretValue = “<previously_exported_secret_as_a_String>";
3update secret;

Example 5: Export a tenant secret by writing the secret.SecretValue to a file. Here’s an example that uses a tenant secret of the SearchIndex type.

1TenantSecret secret = [SELECT SecretValue FROM TenantSecret WHERE Type = ‘TenantSecret’ AND Version = 2];
2secret.SecretValue =...;
3update secret;

Example 6: Destroy a tenant secret of the Data type.

Your tenant secret is unique to your organization and to the specific data to which it applies. Once you destroy a tenant secret, related data is not accessible unless you previously exported the key and then import the key back into Salesforce.

Warning

1TenantSecret secret = [SELECT Id FROM TenantSecret WHERE Type = ‘Data’ AND Version = 2];
2secret.SecretValue = NULL;
3secret.Status = Destroyed;
4update secret;
Example 7:Change the Status of a tenant secret from Archived to Destroyed. Include the SecretValue and new tenant secret Status. 
1TenantSecret secret = [SELECT Id FROM TenantSecret WHERE Type = 'Data' AND Version = 2];
2secret.Status = Destroyed;
3update secret;
Cache-Only Key Service customers can change the Status of cache-only key tenant secrets. For example, reactivate a cache-only key by changing its Status from Destroyed to Active.
Example 8: Create a callout connection that fetches a cache-only key tenant secret from a key service outside of Salesforce.
  1. Make sure that your org has at least one active Data in Salesforce key, either Salesforce-generated or customer-supplied. Then turn on Allow Cache-Only Keys with BYOK from the Advanced Settings page in Setup.
  2. Create a certificate that’s compatible with customer-supplied key material. See Generate a BYOK-Compatible Certificate in Salesforce Help.
  3. Create and assemble your key material.
  4. Create a named credential to serve as your authenticated callout mechanism. You can define your named credential through Setup or directly with Apex. Specify a BYOK-compatible certificate and an HTTPS endpoint.
  5. Configure the connection to your remote key service. This connection uses named credential and its associated certificate to fetch a specified cache-only key tenant secret.
    1remote_params = {Source’: ‘Remote’, 
2RemoteKeyIdentifier’: ...,
3RemoteKeyServiceId: ...,
4RemoteKeyCertificate’: ...}
5
6sf.TenantSecret.create(remote_params)