Note: This release is in preview. Features described here don’t become generally available until the latest general availability date that Salesforce announces for this release. Before then, and where features are noted as beta, pilot, or developer preview, we can’t guarantee general availability within any particular time frame or at all. Make your purchase decisions only on the basis of generally available products and features.

Test More Shield Platform Encryption Functionality in Scratch Orgs

Shield Platform Encryption offers more configurable features in scratch orgs, giving developers a better testing and app development experience. You can now manually set how often you want to rotate key material, gather statistics on encrypted data, and synchronize data with active keys. Shorter key rotation and management cycles help you test and debug automated processes, especially processes that depend on SOQL queries. Finally, customers who have purchased the Cache Only Key service can now enable Cache Only Keys in scratch orgs for testing their external key service setup.

Where: This change applies to Enterprise, Performance, Unlimited, and Developer editions.

How: Add one or more of these features to your scratch org’s org definition file.
  • CacheOnlyKeys—Enables the Cache Only Keys service, which applies key material stored outside of Salesforce to data stored at-rest in Salesforce. Requires the Cache-Only Key Service add-on subscription.
  • MinKeyRotationInterval—Sets the encryption key material rotation interval at once per 60 seconds. The default (false) sets the interval at once per 604800 seconds for Search Index key material and once per 86400 seconds for all other key material. Applies to orgs with the Shield Platform Encryption add-on subscription.
  • EncryptionStatisticsInterval:<value>—Defines the interval between encryption statistics gathering processes, up to 604800 seconds (7 days). The default is once per 86400 seconds (24 hours). Indicate a value, in seconds, between 0 and 604800. Applies to orgs with the Shield Platform Encryption add-on subscription.
  • EncryptionSyncInterval:<value>—Defines how frequently the org can synchronize data with the active key material. The default value is one sync per 604800 seconds. Indicate a value, in seconds, equal to or larger than 0. Applies to orgs with the Shield Platform Encryption add-on subscription.
For example,
"features": [“CacheOnlyKeys”, "MinKeyRotationInterval", "EncryptionSyncInterval:0"]