You don’t want Salesforce to generate key material for you? You have your
own crypto libraries, enterprise key management system, or hardware security module (HSM)? Now you can bring your own keys (BYOK) to
your Salesforce orgs for increased ownership of your data’s security. This feature is available in both Lightning Experience and Salesforce Classic.
You know the Salesforce promise: you own your data because we never access
it. Bring Your Own Keys brings even more depth to that promise. This pilot lets you create tenant secrets outside of Salesforce using your own crypto libraries, enterprise key management
system, or hardware security module. You grant Shield Platform Encryption’s key
management machinery access to these keys, which you can encrypt with a self-signed or certificate authority (CA) certificate’s
public key. You can revoke this access on demand via the Key Management tooling in Setup or programmatically via the API.
You’re the expert on your company’s security needs, and with Bring Your Own Keys you’re in the driver’s seat. Whatever your
service resiliency or disaster recovery posture, we’ll support you in providing the best security for your data.