Change Data Capture Developer Guide

Change Data Capture
Keep Your External Data Current with Change Data Capture
Change Event Message Structure
Merged Change Events
Other Types of Change Events: Gap and Overflow Events
Subscribe to Change Events
Monitor Change Event Publishing and Delivery Usage
Security Considerations
Required Permissions for Change Event Subscribers
Field-Level Security
Change Events for Encrypted Salesforce Data
Generate an Event Bus Tenant Secret
Enable Encryption of Change Events
Capturing Changes and Encrypting the Event Payload
Change Event Considerations
Standard Object Notes
Change Events for Fields
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Change Events for Encrypted Salesforce Data

If Salesforce record fields are encrypted with Shield Platform Encryption, changes in encrypted field values generate change events. Change events are stored in the event bus for up to three days. To ensure that the events stored in the event bus are encrypted and not in clear text, create an event bus tenant secret and enable encryption.

To enable encryption of change events, first create an event bus tenant secret on the Key Management page in Setup. Then enable encryption of change events on the Encryption Policy page.

You must create an event bus tenant secret before enabling encryption. From Setup, the encryption setting is available only after you create an event bus tenant secret. In Metadata API, if you enable encryption using PlatformEncryptionSettings without having the tenant secret, you get an error.

Warning