Destroy Key Material
Only destroy Shield Platform Encryption tenant secrets and key material in extreme
cases where access to related data is no longer needed. Your key material is unique to your
org and to the specific data to which it applies. Once you destroy key material, related
data is not accessible unless you import previously exported key material.
Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.
Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield or Shield Platform Encryption. Available in Developer Edition at no charge.
User Permissions Needed | |
---|---|
To generate, destroy, export, import, upload, and configure tenant secrets and customer-supplied key material: | Manage Encryption Keys |
You are solely responsible for making sure that your data and key material are
backed up and stored in a safe place. Salesforce can’t help you with deleted, destroyed,
or misplaced tenant secrets and keys.
- From Setup, in the Quick Find box, enter Platform Encryption, and then select Key Management.
- In the table that lists your tenant secrets, find the row that contains the one you want to destroy. Click Destroy.
- A warning box appears. Type in the text as shown and select the checkbox acknowledging that you’re destroying a tenant secret, then click Destroy.
After you destroy the key that encrypted the content, file previews and content that was already cached in the user’s browser may still be visible in cleartext. When the user logs in again, the cached content is removed.
If you create a sandbox org from your production org and then destroy the tenant secret in your sandbox org, the tenant secret still exists in the production org.
- To import your tenant secret, click and select your file. Make sure you’re importing the correct version of the tenant secret.