Salesforce Security Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Give Users Access to Data
Share Objects and Fields
Strengthen Your Data’s Security with Shield Platform Encryption
What You Can Encrypt
Platform Encryption Q&A
How Encryption Works
Set Up Your Encryption Policy
Filter Encrypted Data with Deterministic Encryption
Key Management and Rotation
Work with Salesforce Key Material
Rotate Keys
Back Up Your Tenant Secrets
Destroy a Key
Require Multi-Factor Authentication for Key Management
Get Statistics About Your Encryption Coverage
Synchronize Your Data Encryption
Work with External Key Material
Shield Platform Encryption Customizations
Encryption Trade-Offs
Audit and Monitor Your Organization’s Security
Real-Time Event Monitoring
Security Guidelines for Apex and Visualforce Development
API End-of-Life Policy
PDF

Destroy Key Material

Only destroy Shield Platform Encryption tenant secrets and key material in extreme cases where access to related data is no longer needed. Your key material is unique to your org and to the specific data to which it applies. Once you destroy key material, related data is not accessible unless you import previously exported key material.
Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.
Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield or Shield Platform Encryption. Available in Developer Edition at no charge.

User Permissions Needed
To generate, destroy, export, import, upload, and configure tenant secrets and customer-supplied key material: Manage Encryption Keys
You are solely responsible for making sure that your data and key material are backed up and stored in a safe place. Salesforce can’t help you with deleted, destroyed, or misplaced tenant secrets and keys.
  1. From Setup, in the Quick Find box, enter Platform Encryption, and then select Key Management.
  2. In the table that lists your tenant secrets, find the row that contains the one you want to destroy. Click Destroy.
  3. A warning box appears. Type in the text as shown and select the checkbox acknowledging that you’re destroying a tenant secret, then click Destroy.
    After you destroy the key that encrypted the content, file previews and content that was already cached in the user’s browser may still be visible in cleartext. When the user logs in again, the cached content is removed.

    If you create a sandbox org from your production org and then destroy the tenant secret in your sandbox org, the tenant secret still exists in the production org.

  4. To import your tenant secret, click Import | Choose File and select your file. Make sure you’re importing the correct version of the tenant secret.

This page is about Shield Platform Encryption, not Classic Encryption. What's the difference?

Note