Rendering File

Platform Encryption - Encryption at Rest

Use Case

Recently, I got a requirement to implement Salesforce Shield (platform encryption) at our salesforce organization. It brings a question to me how Salesforce uses platform encryption and encrypt the data at Rest.


If we refer Salesforce Shield Platform Encryption Implementation Guide, we get to know how below process flow works and I am not going deep into this as going through the pdf we can understand the flow and ultimately data is derived based on master key and tenant key.

For a sake of proof of concept, I have defined Case Subject, Description and Case comment fields to be encrypted.

To do this follow: Setup -> Platform Encryption

Click on Encrypt Fields link to reach Encrypt Standard Field page and defined as follows:

Then, I have created a sample case with this subject and description:

If I try to query the same case record from the Developer Console, it returns as follows:

Now, how can I prove that data is encrypted as I can see the data as usual. Moreover there is no such proof of Encypted indicator as I can see for attachment as follows:

This makes me curious about this poc.


First I described the Case Subject field from workbench and it displays as encrypted and also thought that I am an authorized user to access this record that's why I can read the data in a normal way. But I was not satisfied with this.

To make it full proof, I archived the tenant key and exported the key as backup.

Then, destroyed the tenant key based on which that case subject and description got generated.

Now, accessed the same record, it is showing ????? (means, This service is unavailable now). This means encrypted data which has been encrypted with my previous tenant key is not available.

That sounds interesting to me.

But, how can I retrieve the previous data then?

So, I imported the same previous tenant key as follows:

After importing, accessed the same case record. It showed the data again.


It gives me confidence that subject and description standard fields have been encrypted properly with Salesforce shield and encrypted at Rest.

Further Reading

Platform Encryption - Things to know before activating Platform Shield

Untuk pemesanan, hubungi kami melalui kontak yang tersedia berikut:

Chat WhatsApp Kirim SMS Telpon

Komentar (0)

Posting Komentar