Key Pairs are public/private cryptographic key combinations used in asymmetric cryptography for secure communication.

What's a common Salesforce use of key pairs?

Key pairs are commonly used for JWT bearer flow in connected app auth and for SSL/TLS certificates.

How should private keys be managed?

Private keys must be protected through secrets management and never committed to code or shared beyond authorized systems.

Key Pair

Administration🔴 Advanced

Definition

In Salesforce security, a set of public and private cryptographic keys used for SSL/TLS certificates, connected app authentication (JWT bearer flow), or API integrations requiring secure communication.

Real-World Example

the system admin at BrightEdge Solutions uses Key Pair to control how users interact with Salesforce data and features. After configuring Key Pair in the sandbox and validating it with key stakeholders, they roll it out to production. User adoption improves because the interface now matches how teams actually work.

Why Key Pair Matters

In Salesforce security, a Key Pair is a set of public and private cryptographic keys used in asymmetric cryptography. The public key can be shared widely; the private key must be kept secret. Together, they enable secure communication and authentication: data encrypted with the public key can only be decrypted with the private key, and signatures made with the private key can be verified with the public key. Salesforce uses key pairs for SSL/TLS certificates, connected app authentication (especially the JWT bearer flow), and various API integrations requiring secure handshakes.

Managing key pairs is part of integration security: the private key needs to be protected (stored securely, access-controlled), and the public key gets shared with the systems that need to verify authentication or encrypt data for the holder of the private key. For Salesforce connected apps using JWT bearer flow, the developer creates a key pair, registers the public key with the connected app, and uses the private key to sign authentication requests. The platform verifies the signature using the public key, confirming the request came from someone holding the corresponding private key.

How Organizations Use Key Pair

•Quantum Labs — Uses JWT bearer flow with a key pair for server-to-server authentication, eliminating the need to store and rotate user passwords for integrations.
•TerraForm Tech — Manages key pairs for SSL certificates on their custom domains, rotating them annually for security.
•CodeBridge — Stores private keys in their secrets management system (not in code) and only the public key gets registered with Salesforce connected apps.