Tenant Secret
In Salesforce Shield Platform Encryption, an org-specific secret generated by the customer that combines with Salesforce's master secret to derive the encryption keys used to encrypt and decrypt the org's data.
Definition
In Salesforce Shield Platform Encryption, an org-specific secret generated by the customer that combines with Salesforce's master secret to derive the encryption keys used to encrypt and decrypt the org's data.
In plain English
“A Tenant Secret in Salesforce Shield Platform Encryption is an org-specific secret that combines with Salesforce's master secret to create the encryption keys protecting your data. You generate it in Setup, and rotating it periodically is a security best practice.”
Worked example
Brookwell Insurance enables Salesforce Shield Platform Encryption and rotates their Tenant Secret quarterly per security policy. The admin opens Setup → Key Management → Tenant Secret → Generate Tenant Secret; Salesforce's Hardware Security Modules combine the new Tenant Secret with the master secret via the Key Derivation Function to produce the org's actual data encryption keys. New data encrypts under the new keys; existing data continues to be decrypted with archived keys. The Tenant Secret is the customer-controlled half of the encryption foundation; rotating it on schedule is a baseline compliance practice.
Why Tenant Secret matters
In Salesforce Shield Platform Encryption, a Tenant Secret is an org-specific secret generated by the customer that combines with Salesforce's master secret to derive the encryption keys used to encrypt data at rest. This dual-secret approach means neither Salesforce alone nor the customer alone can access the encrypted data; both secrets are needed.
Tenant secrets are a critical security component for Shield Platform Encryption. Organizations should rotate tenant secrets periodically (generating new ones to replace old ones) as part of encryption key management. Mature security programs maintain key rotation schedules and understand the implications of secret generation, rotation, and archival.
How organizations use Tenant Secret
Rotates tenant secrets on a scheduled basis as part of encryption key management.
Maintains documented tenant secret rotation procedures.
Uses tenant secrets as part of HIPAA-compliant encryption configuration.
Trust & references
Straight from the source - Salesforce's reference material on Tenant Secret.
- Generate a Tenant Secret with SalesforceSalesforce Help
- The Shield Platform Encryption Process for Tenant SecretsSalesforce Help
Test your knowledge
Q1. What is a Tenant Secret?
Q2. Why dual secrets?
Q3. What should you do periodically?
Discussion
Loading discussion…