Master HSM
In Salesforce Shield Platform Encryption, the primary Hardware Security Module that stores the master wrapping key used to protect all derived tenant secrets and encryption keys across the platform.
Definition
In Salesforce Shield Platform Encryption, the primary Hardware Security Module that stores the master wrapping key used to protect all derived tenant secrets and encryption keys across the platform.
In plain English
“The Master HSM is the primary Hardware Security Module in Salesforce Shield Platform Encryption that stores the master wrapping key. The master wrapping key protects all the derived tenant secrets and encryption keys across the platform. It's the root of the key management hierarchy.”
Worked example
Dunfield Bank's Salesforce Shield Platform Encryption rests on Salesforce's Master HSM - the primary Hardware Security Module managed by Salesforce that stores the master wrapping key. The HSM is FIPS 140-2 Level 3 certified, tamper-resistant hardware. Every encryption operation in the customer's org ultimately depends on the Master HSM unwrapping a tenant secret. The HSM lives in Salesforce-controlled data centers; even Salesforce employees cannot extract the master key. The Master HSM is the root of trust for all platform encryption - its physical and operational security is what makes Shield's regulatory claims tenable.
Why Master HSM matters
In Salesforce Shield Platform Encryption, the Master HSM is the primary Hardware Security Module that stores the master wrapping key used to protect all derived tenant secrets and encryption keys across the platform. HSMs are tamper-resistant hardware devices designed for secure key storage and cryptographic operations. The Master HSM is the root of the key management hierarchy, with all other keys derived from or wrapped by keys stored in it.
Most Salesforce administrators don't interact with the Master HSM directly because it's part of the underlying infrastructure managed by Salesforce. Knowing about it matters for understanding how Platform Encryption maintains key security at the foundation level and for explaining the encryption architecture to compliance auditors. The Master HSM approach is what makes Platform Encryption secure even at multi-tenant scale: keys are protected by hardware that no software access can compromise.
How organizations use Master HSM
Documents the Master HSM-based key protection in their compliance evidence package for HIPAA auditors.
Relies on the Master HSM infrastructure to protect keys at the hardware level, satisfying their banking regulator requirements.
Uses HSM documentation as part of explaining the Platform Encryption security architecture to auditors.
Trust & references
Straight from the source - Salesforce's reference material on Master HSM.
- How Shield Platform Encryption WorksSalesforce Help
About the Author
Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.
Test your knowledge
Q1. What is the Master HSM?
Q2. Why use HSMs for key storage?
Q3. Do administrators interact with Master HSMs directly?
Discussion
Loading discussion…