PlatformEncryptionSettings
In the package manifest, all organization settings metadata types are accessed using the Settings name. See Settings for details.
File Suffix and Directory Location
PlatformEncryptionSettings values are stored in the PlatformEncryption.settings file in the settings folder. The .settings files are different from other named components because there’s only one settings file for each settings component.
Version
PlatformEncryptionSettings is available in API versions 47.0 and later.
Special Access Rules
To enable and disable PlatformEncryptionSettings attributes, you need the Customize Application permission. Attributes that allow key management tasks require the Manage Encryption Keys permission. For a complete list of required permissions, read Which User Permissions Does Shield Platform Encryption Require?.
Fields
Field Name | Field Type | Description |
---|---|---|
canEncryptManagedPackageFields | boolean | Indicates whether users can enable encryption on custom fields in installed managed packages (true) or not (false). |
isUseHighAssuranceKeysRequired | boolean | This field is for internal use. |
isMEKForEncryptionRequired | boolean | Indicates whether encryption policy tasks, such as enabling encryption on fields, also require the Manage Encryption Keys permission (true) or not (false), in addition to those tasks’ baseline permissions. |
enableDeterministEncryption | boolean | Indicates whether customers apply the deterministic encryption scheme to supported fields (true) or not (false). The deterministic encryption scheme lets customers filter on encrypted data.. |
enableEncryptFieldHistory | boolean | Indicates whether the background encryption process applies the customer's active key material to field history and feed tracking values (true) or not (false). The default value is false. If false, background encryption processes apply active key material to all encrypted data except duplicates of that data stored in field history or feed tracking. |
enableEventBusEncryption | boolean | This field is for internal use. |
Declarative Metadata Sample Definition
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PlatformEncryptionSettings xmlns="http://soap.sforce.com/2006/04/metadata">
<canEncryptManagedPackageFields>true</canEncryptManagedPackageFields>
<isUseHighAssuranceKeysRequired>true</isUseHighAssuranceKeysRequired>
<isMEKForEncryptionRequired>true</isMEKForEncryptionRequired>
<enableDeterministEncryption>true</enableDeterministEncryption>
<enableEncryptFieldHistory>true</enableEncryptFieldHistory></PlatformEncryptionSettings>
Example Package Manifest
<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
<types>
<members>PlatformEncryption</members>
<name>Settings</name>
</types>
<version>47.0</version>
</Package>
Wildcard Support in the Manifest File
The wildcard character * (asterisk) in the package.xml manifest file doesn’t apply to metadata types for feature settings. The wildcard applies only when retrieving all settings, not for an individual setting. For details, see Settings. For information about using the manifest file, see Deploying and Retrieving Metadata with the Zip File.