Definition
Key Management is a Setup page where administrators manage encryption keys used by Shield Platform Encryption, including generating new tenant secrets, rotating keys, archiving old secrets, and configuring key material sources. Proper key management ensures that encrypted data remains secure and recoverable.
Real-World Example
Following their annual security policy, the admin at FinServe Bank navigates to Key Management and rotates the tenant secret used for Platform Encryption by generating a new one. Generating the new secret automatically archives the previous one, so data encrypted under it remains readable while new data is encrypted under the new secret. She then starts a background synchronization job that re-encrypts existing records with the new key material, and only once that job has finished does she treat the archived secret as eligible for destruction.
Why Key Management Matters
Key Management in Salesforce is a Setup page where administrators manage the encryption keys used by Shield Platform Encryption. From this page, admins generate new tenant secrets (which rotates the key and archives the previous secret), export and destroy secrets, and choose where key material comes from: generated by Salesforce, uploaded by the customer (Bring Your Own Key), or fetched on demand from a customer-controlled key service (Cache-Only Key Service). Proper key management keeps encrypted data both secure and recoverable. Archived secrets are still required to decrypt data that was encrypted under them, and if a secret is destroyed before that data has been re-encrypted, the data becomes permanently unreadable unless the secret was exported beforehand and can be re-imported. The Key Management page provides a centralized view of key status, showing which secrets are active, archived, or destroyed.
As organizations encrypt more fields, files, and attachments with Shield Platform Encryption, key management practices directly affect data availability and compliance posture. Frameworks such as PCI DSS, HIPAA, and SOC 2 expect documented key management procedures: a defined rotation schedule (cryptoperiod), access controls on key management functions, and evidence that retired keys are archived for as long as data depends on them rather than destroyed prematurely. Poor key management leads to data loss if a secret that still protects records is destroyed, audit findings if the rotation schedule is not followed, and a longer exposure window if a compromised secret is never rotated. Two details matter in practice: rotation alone does not re-encrypt existing data (a synchronization job does that), and the ability to generate, export, or destroy secrets is granted by the Manage Encryption Keys user permission, which should be held by a small number of trusted administrators. Organizations should also maintain runbooks documenting every key operation.
How Organizations Use Key Management
- FinServe Bank — FinServe Bank's admin follows an annual key rotation policy by navigating to Key Management and generating a new tenant secret, which archives the current one. The archived secret ensures previously encrypted data remains readable while the new secret encrypts all new data. She then initiates a background synchronization job to re-encrypt existing records with the new key material, verifies that it has completed, and records the rotation in the key operations log, completing the rotation cycle within their compliance window.
- MedGuard Health Systems — MedGuard Health Systems uses Key Management to configure Cache-Only Key Service, so that their encryption key material is served from a key service they operate, backed by their own hardware security module (HSM). During a compliance audit, they demonstrated through the Key Management interface that Salesforce does not store the key material at rest: it is fetched from their key service on demand and held only in an in-memory cache, satisfying the strictest data sovereignty requirements. The same design creates an availability dependency, so their runbook also covers the case where the key service becomes unreachable and the cached key expires, since encrypted data cannot be read until the key is fetched again.
- TrustCore Insurance — TrustCore Insurance restricts Key Management access to only two designated security administrators using a permission set that grants the Manage Encryption Keys permission. Their quarterly access review verifies that no additional users or profiles have been granted that permission. When one of the two admins left the company, the remaining admin immediately rotated the tenant secret as a precaution and updated the access log, following their documented key custodian transition procedure.
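The tenant-secret lifecycle that the FinServe rotation and the section on why key management matters describe, as an added example that is not part of the original page and not Salesforce's own code: a Python model in which rotation archives the previous secret without touching existing ciphertexts, archived secrets keep old records readable, a sync job re-encrypts those records under the active secret, and destroying a secret that still protects records makes them unreadable. The cipher is a standard-library stand-in (an assumption made so the example runs offline; Salesforce uses AES-based encryption), the record store is constructed in memory, and the refusal inside destroy() is a runbook guard the example adds, not platform behaviour.

```python
"""Model of tenant-secret states: Active -> Archived -> Destroyed.

Added illustration, not Salesforce code. The cipher below is a stand-in
(SHAKE-256 keystream XOR plaintext plus an HMAC-SHA256 tag); the lifecycle
rules, not the cipher, are the point.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

ACTIVE, ARCHIVED, DESTROYED = "Active", "Archived", "Destroyed"


@dataclass
class TenantSecret:
    version: int
    status: str
    key: Optional[bytes]  # None once destroyed: the material is gone for good


def _encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("ciphertext failed authentication")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class KeyManagement:
    """One active secret; archived secrets are retained because records still depend on them."""

    def __init__(self) -> None:
        self.secrets: dict[int, TenantSecret] = {}
        self.records: dict[str, tuple[int, bytes]] = {}  # record id -> (secret version, ciphertext)
        self.generate_tenant_secret()

    @property
    def active(self) -> TenantSecret:
        return next(s for s in self.secrets.values() if s.status == ACTIVE)

    def generate_tenant_secret(self) -> int:
        """Rotate: the active secret becomes Archived and a fresh one becomes Active.
        Existing ciphertexts are NOT re-encrypted; they still reference the old version."""
        for s in self.secrets.values():
            if s.status == ACTIVE:
                s.status = ARCHIVED
        version = len(self.secrets) + 1
        self.secrets[version] = TenantSecret(version, ACTIVE, secrets.token_bytes(32))
        return version

    def write(self, record_id: str, plaintext: bytes) -> None:
        a = self.active
        self.records[record_id] = (a.version, _encrypt(a.key, plaintext))

    def read(self, record_id: str) -> bytes:
        version, blob = self.records[record_id]
        s = self.secrets[version]
        if s.status == DESTROYED:
            raise LookupError(f"record {record_id!r} is encrypted under destroyed secret v{version}")
        return _decrypt(s.key, blob)

    def records_under(self, version: int) -> list:
        return [rid for rid, (v, _) in self.records.items() if v == version]

    def sync(self) -> dict:
        """Background re-encryption: move every still-readable record under the active secret."""
        a = self.active
        reencrypted, unrecoverable = 0, []
        for rid, (v, _) in list(self.records.items()):
            if v == a.version:
                continue
            try:
                plaintext = self.read(rid)  # needs the archived secret, so it must still exist
            except LookupError:
                unrecoverable.append(rid)
                continue
            self.records[rid] = (a.version, _encrypt(a.key, plaintext))
            reencrypted += 1
        return {"reencrypted": reencrypted, "unrecoverable": unrecoverable}

    def destroy(self, version: int, acknowledge_data_loss: bool = False) -> None:
        """Destroy an archived secret. The refusal is a runbook guard added in this example;
        the real Setup page only asks for confirmation before destroying."""
        s = self.secrets[version]
        if s.status == ACTIVE:
            raise RuntimeError("rotate first; the active secret cannot be destroyed")
        still_needed = self.records_under(version)
        if still_needed and not acknowledge_data_loss:
            raise RuntimeError(f"v{version} still protects {len(still_needed)} record(s); run sync() first")
        s.status, s.key = DESTROYED, None


if __name__ == "__main__":
    km = KeyManagement()
    km.write("acct-1", b"4111 1111 1111 1111")  # constructed sample record
    km.generate_tenant_secret()                   # annual rotation: v1 archived, v2 active
    print(km.read("acct-1"), "still readable via archived v1")
    print(km.sync(), "records now under v2")
    km.destroy(1)                                 # safe only after sync
    print(km.read("acct-1"), "readable after destroying v1")
```

The order of operations is the whole lesson: rotate, sync, verify that records_under(old_version) is empty, and only then destroy. Calling destroy(1, acknowledge_data_loss=True) before the sync reproduces the failure mode the page warns about, and a later sync() reports those records as unrecoverable rather than silently skipping them.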