Setting a Rotation Policy

As a good key management practice, you can automatically rotate your tenant secrets. Each of the four secret types -- Analytics, Data, Deterministic, and Search Index -- set rotation policies separately.

Set a rotation policy

1. Navigate to your service through View Services (My Servicesfor application owners). Click the service name.

2. Click the Rotation Policies tab, below the service details. Rotation policies for each key type are listed alphabetically. Locate the secret type you would like to set a policy for. Your Salesforce organization must have Analytics and Deterministic secret types enabled to rotate those secret types.

3. Click the "Automatic Rotation" toggle to set it from OFF to ON.

4. Select a usage period of 3 months, 6 months, 12 months, or 24 months from the dropdown menu. This setting is the maximum age allowed for a tenant secret. Once the active tenant secret reaches this age, the secret is rotated. By default, this value is 6 months.

5. Click Save Schedule.

   Note

   If you set a maximum age which is older than the age of your current active tenant secret, the tenant secret is rotated shortly after you click Save Schedule, within the current day.

6. If you wish to edit the usage period, click Edit Schedule.

   A notice appears indicating the last rotation date and time, and the next scheduled rotation date and time.