Salesforce Security Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Give Users Access to Data
Share Objects and Fields
Strengthen Your Data’s Security with Shield Platform Encryption
What You Can Encrypt
Platform Encryption Q&A
How Encryption Works
Set Up Your Encryption Policy
Filter Encrypted Data with Deterministic Encryption
Key Management and Rotation
Work with Salesforce Key Material
Get Statistics About Your Encryption Coverage
Synchronize Your Data Encryption
Sync Data with Self-Service Background Encryption
Work with External Key Material
Shield Platform Encryption Customizations
Encryption Trade-Offs
Audit and Monitor Your Organization’s Security
Real-Time Event Monitoring
Security Guidelines for Apex and Visualforce Development
API End-of-Life Policy
PDF

Sync Data with Self-Service Background Encryption

Synchronizing your data with your active key material keeps your encryption policy up to date. You can sync data in standard and custom fields, the Attachment—Content Body field, and for field history and feed tracking changes from the Encryption Statistics and Data Sync page in Setup. To synchronize all other encrypted data, contact Salesforce Customer Support.
Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.
Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield or Shield Platform Encryption. Available in Developer Edition at no charge.

User Permissions Needed
View Platform Encryption Setup pages: View Setup and Configuration

Self-service background encryption supports all standard and custom fields, the Attachment—Content Body field, and field history and feed tracking changes. For help synchronizing other encrypted data, contact Salesforce Customer Support.

To include field history and feed tracking values in self-service background encryption processes, first turn on Encrypt Field History and Feed Tracking Values on the Encryption Settings page. You can also enable field history and feed tracking encryption programmatically with the PlatformEncryptionSettings metadata type. When this setting is turned on, the self-service background encryption process applies your active key material to your field history and feed tracking values.
  1. From Setup, in the Quick Find box, enter Platform Encryption, and then select Encryption Statistics.
  2. Select an object type or custom object from the left pane.

    The Sync Needed column indicates when to synchronize your data. This column displays Yes when you add or remove encryption on fields, rotate keys, or change a field’s encryption scheme.

    Note

  3. Click Sync.
    Supported standard and custom fields are encrypted with your active key material and encryption policy in the background. After the service syncs your data, it gathers statistics for the object. To view your gathered statistics, wait for your verification email and then refresh the Encryption Statistics and Data Sync page.

The sync process time varies depending on how much data you have in your object. You get an email notification when the sync process finishes. You can sync your data from the Encryption Statistics and Data Sync page once every 7 days.

If you have lots of data in Attachment—Content Body fields, the sync process breaks your request into batches and syncs them in sequence. However, sometimes we can’t encrypt all these batches at once. This service protection helps Salesforce maintain functional network loads. If the sync process finishes but the encryption statistics status is less than 100% complete, click Sync again. The background encryption service picks up where it left off.

Note