Key Broker for Salesforce
Note
The Key Broker for Salesforce service is no longer available for provisioning. Improved key broker abilities are available through the CipherTrust Cloud Key Manager (CCKM), part of the CipherTrust Data Security Platform as a Service (CDSPaaS) tile.
See the End-of-Sale Announcement and the CDSPaaS Service Documentation for more information.
For more information about migrating your Key Broker for Salesforce to CipherTrust Data Security Platform as a Service, see Migrating Key Broker for Salesforce to CipherTrust Data Security Platform as a Service.
The Key Broker for Salesforce service provides high-entropy tenant secrets for the Bring Your Own Key (BYOK) feature in Salesforce Shield Platform Encryption. These tenant secrets are protected by an HSM root of trust. The Key Broker service also includes functions to view and manage tenant secrets, including the ability to revoke Salesforce access and to restore secrets to Salesforce.
If you create sandbox organizations, keep in mind that there is a one-to-one relationship between Key Broker services and Salesforce organizations. Making a sandbox copy of an existing organization does not allow the new sandbox to access the Key Broker services associated with the existing organization. Similarly, if you create a Key Broker service associated with a sandbox, that sandbox's production or development organization will not have access to that Key Broker service.