Your suggested change has been received. Thank you.

Free Registration
- Explore Thales Docs

Accounts
Services
Technical Resources
DPoD APIs

All

All
CipherTrust Manager
CipherTrust Application Data Protection (CADP)
CipherTrust Application Key Management (CAKM)
CipherTrust Batch Data Transformation (BDT)
CipherTrust Cloud Key Management (CCKM)
CipherTrust Data Discovery and Classification (DDC)
CipherTrust Data Protection Gateway (DPG)
CipherTrust Database Protection (CDP)
CipherTrust Intelligent Protection (CIP)
CipherTrust Integrations
CipherTrust Migrations
CipherTrust RESTful Data Protection (CRDP)
CipherTrust Transparent Encryption (CTE)
CipherTrust Transparent Encryption Userspace (CTE-U)
CipherTrust Secrets Management (CSM)
CipherTrust Vaulted Tokenization (CT-V)
CipherTrust Vaultless Tokenization (CT-VL)
CTE-Linux
CTE-Windows
CTE-AIX
CTE-K8s
CTE-U
Crypto Command Center
Data Protection on Demand
Luna Cloud HSM
Luna Network HSM
Luna PCIe HSM
Luna USB HSM
OneWelcome Identity Platform
ProtectApp LUKS
ProtectServer 2 HSM
ProtectServer 3 HSM
SafeNet Trusted Access (STA)
SafeNet MobilePASS+
SafeNet MobilePASS+ for Android
SafeNet MobilePASS+ for Chrome
SafeNet MobilePASS+ for macOS
SafeNet MobilePASS+ for iOS
SafeNet MobilePASS+ for WatchOS
SafeNet MobilePASS+ for Windows
SafeNet Synchronization Agent
SafeNet Logging Agent
SafeNet Agent for FreeRADIUS
SafeNet Agent for NPS
SafeNet Agent for Windows Logon
SafeNet Authentication Service Private Cloud Edition (SAS PCE)
SafeNet Remote Logging Agent
SafeNet Keycloak Agent
SafeNet IDPrime Virtual (IDPV)
SafeNet FIDO Key Manager
SafeNet FIDO Key Manager for Android
SafeNet FIDO Key Manager for iOS
SafeNet FIDO Key Manager for Windows

Key Broker for Salesforce

Adding a Key Broker for Salesforce Service

Services
Luna Cloud HSM Services
Luna Cloud HSM Service Integrations
CipherTrust Key Management Services
- Key Broker for Salesforce
  - Adding a Key Broker for Salesforce Service
  - Managing a Key Broker for Salesforce Service
  - Setting a Rotation Policy
  - Migrating Key Broker for Salesforce to CipherTrust Data Security Platform as a Service
- Key Broker for Google Cloud EKM
  - Service Guide
  - Key Setup Guide
  - Key Use Guide
  - Frequently Asked Questions
  - Migrating Key Broker for Google Cloud EKM to CipherTrust Data Security Platform as a Service
- CipherTrust Data Security Platform as a Service
payShield Cloud Services
- payShield Cloud HSM Service
  - Service Overview
  - Prerequisites
  - Getting Started
    - payShield Cloud HSM Configuration/Subscription Options
    - How to Subscribe to the payShield Cloud HSM Service
  - Service Specifications
  - Connecting to the payShield Cloud HSM Service
    - Azure Connection Guide
    - GCP Connection Guide
    - AWS Connectiontion Guide
  - Service Provisioning from DPoD Platform
    - Trial Tier Provisioning
    - Production Tier Provisioning
    - View Sevice Status
  - HSM Management using payShield Manager
    - Preparing for HSM Commission
    - Steps to Commission payShield Manager
    - Adding Another HSM to the Security Domain
    - Transitioning between HSM States via payShield Manager
    - Viewing Network Interfaces in payShield Manager
  - HSM Deprovisioning
  - APPENDIX A - Glossary
  - APPENDIX B - DPoD Errors
- Point-to-Point Encryption
  - Adding a Point-to-Point Encryption Service
  - Using the service
  - P2PE CLI
    - p2pe key
    - p2pe service
    - p2pe tls
  - P2PE REST API
  - P2PE errors
  - Service Details
  - Frequently Asked Questions
Partner Services

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

DPoD Documentation
Services
CipherTrust Key Management Services
Key Broker for Salesforce
Adding a Key Broker for Salesforce Service

Adding a Key Broker for Salesforce Service

During this procedure, you allow the Key Broker service access to a Salesforce user account, so that a secure connection can be established, and tenant secrets can be uploaded. The Key Broker service creates a new BYOK certificate to wrap tenant secrets with, so you do not need to generate one yourself.

Prerequisites

You need a Salesforce user account with the following permissions: API Enabled, Manage Encryption Keys, and Modify All Data. The organization must have Platform Encryption enabled; only developer and production organizations, not trial organizations, have Platform Encryption available. Consult Salesforce Documentation for information on configuring these permissions.

You require a DPoD subscriber tenant to provision a CipherTrust Data Security Platform service. See Register a Subscriber Tenant for more information about creating a DPoD subscriber tenant.

Create a Key Broker for Salesforce Service

Log in to your DPoD enterprise tenant as a user with tenant administrator or application owner privileges.
Open the Services tab and select the Add Service heading. Navigate the marketplace categories and click Create Service on the service that you would like to provision. If you have not Purchased a Service Subscription or previously completed a trial for the service, the option will display as Try Service.

You are redirected to a Salesforce log in portal.
Log in to Salesforce as a user with the permissions described in Prerequisites.
You are requested to allow DPoD access to Salesforce. If the listed permissions are "Access your basic information", "Access and manage your data", and "Perform requests on your behalf at any time", click Allow.
You are returned to the DPoD "Add Service" wizard. Review the Terms of Service and click Next.
On the Configure Service page, enter the required criteria for the service.

Tip

If you choose to generate the secret later, refer to Managing a SalesForce KeyBroker Service. If you choose to generate a tenant secret immediately, you are prompted to check one or more of the different secret types, which are Data, Deterministic, Analytics, or Search Index. Your Salesforce organization must have Analytics and Deterministic secret types enabled to generate those secret types.

Click Next.
Review the service summary page, including information about the associated Salesforce account. If you have chosen to generate any tenant secrets, the summary indicates if your secrets generated successfully. If a secret failed to generate, there is a message available indicating the problem. Click Close to exit the wizard.

On this page

Create a Key Broker for Salesforce Service

DPoD Documentation

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Services
Support
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Print

Suggest An Edit

Download this Page

Download Project

Copy Link

Copy Link