DataEncryptionKey

The DataEncryptionKey object is part of the Bring Your Own Key (BYOK) feature, which allows users to upload a data encryption key (DEK) using a public key generated by the Salesforce Shield Key Management Service (KMS). Customers create their own DEKs and upload them to Salesforce. Users access this entity via the API to list DEK keys for auditing purposes. They can also programmatically use this object to create the certificate and to upload key material. This object is available in API version 63.0 and later.

This guide only lists certain information for each object. For more information, including descriptions of the fields, see DataEncryptionKey in the Object Reference for the Salesforce Platform.

Fields

Field Name Field Label Type Digits Length Precision Scale
CreatedBy Created By string 64
CreatedDate Created Date datetime
DataEncryptionKeyCertName Data Encryption Key Certificate Name string 80
Description Description string 100
DoesUseKeyDerivation Key Derivation boolean
Id Data Encryption Key Id id 18
LastModifiedBy Last Modified By string 64
LastModifiedDate Last Modified Date datetime
RootKeyIdentifier Root Key Identifier string 15
RootKeyKmsIdentifier Root Key KMS Identifier string 512
SecretValue Secret Value textarea 2000
SessionToken Session Token textarea 3000
Source Source string 100
Status Status string 32
Type Type string 150
Version Version int 9