Apex Code Development You need to sign in to do that
Don't have an account?
Hope E. Shiel encryption cache-only key issues
Hi,
In our SF orgs I used probabilistic encryptions before and generated a cash-only key which all worked.
Now I would like to change it to Deterministic.
In de the "Key management" settings, I go to 'choose tenant secret key' and then 'Bring your own key'.
In dev is all okay but in uat and production I dont see the cache-only key options at all.
also in advanced setting, I'm not able to see for example 'Allow Cache-Only Keys with BYOK'.
what could be wrong then.
any idea please?
thank you!
In our SF orgs I used probabilistic encryptions before and generated a cash-only key which all worked.
Now I would like to change it to Deterministic.
In de the "Key management" settings, I go to 'choose tenant secret key' and then 'Bring your own key'.
In dev is all okay but in uat and production I dont see the cache-only key options at all.
also in advanced setting, I'm not able to see for example 'Allow Cache-Only Keys with BYOK'.
what could be wrong then.
any idea please?
thank you!
The Cache-Only Key Service is a feature of Salesforce Shield Platform Encryption that allows for non-persisted key material. If the Cache-Only Key Service is not enabled, then the cache-only key options will not be available in the Key Management settings.
Related doc https://help.salesforce.com/s/articleView?id=sf.security_pe_byok_cache_troubleshoot.htm&type=5 mentions that Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield. Available in Developer Edition at no charge for orgs created in Summer ’15 and later.
Also see https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/security_pe_byok_cache.htm
If this information helps, please mark the answer as best. Thank you
as I mentioned we used this option before and now it's also in use for probabilistic type of encryptions.