Definition
In Salesforce Shield Platform Encryption, the primary Hardware Security Module that stores the master wrapping key used to protect all derived tenant secrets and encryption keys across the platform.
Real-World Example
a Salesforce administrator at Coastal Health uses Master HSM to maintain data quality and enforce organizational policies across the platform. By properly setting up Master HSM, they prevent common data entry errors and ensure that users follow established business processes, which saves the support team hours of cleanup work each week.
Why Master HSM Matters
In Salesforce Shield Platform Encryption, the Master HSM is the primary Hardware Security Module that stores the master wrapping key used to protect all derived tenant secrets and encryption keys across the platform. HSMs are tamper-resistant hardware devices designed for secure key storage and cryptographic operations. The Master HSM is the root of the key management hierarchy, with all other keys derived from or wrapped by keys stored in it.
Most Salesforce administrators don't interact with the Master HSM directly because it's part of the underlying infrastructure managed by Salesforce. Knowing about it matters for understanding how Platform Encryption maintains key security at the foundation level and for explaining the encryption architecture to compliance auditors. The Master HSM approach is what makes Platform Encryption secure even at multi-tenant scale: keys are protected by hardware that no software access can compromise.
How Organizations Use Master HSM
- •Coastal Health — Documents the Master HSM-based key protection in their compliance evidence package for HIPAA auditors.
- •Redwood Financial — Trusts the Master HSM infrastructure to protect keys at the hardware level, satisfying their banking regulator requirements.
- •ShieldGuard Security — Uses HSM documentation as part of explaining the Platform Encryption security architecture to auditors.