Prerequisites
Make sure you meet the following prerequisites before integrating Securosys Primus HSM or CloudHSM with Salesforce BYOK.
Salesforce Organization Configuration
You need to set up your Salesforce Organization before you can use Salesforce BYOK. This includes:
- Salesforce account with Enterprise, Performance, or Unlimited Edition subscription with Salesforce Shield enabled,
- Either Salesforce Classic or Lightning Experience,
- Salesforce User Permissions: Manage Encryption Keys, Manage Certificates and Customize Application.
  - See the Salesforce BYOK documentation for more information.
Primus HSM Configuration
You will need either a Securosys Primus HSM or a CloudHSM subscription.
For on-premise Primus HSMs, the following setup steps are required:
- Complete the Initial Wizard to get the HSM into a basic operational state.
- Create an HSM Partition where Salesforce will store its keys.
- Note down the Setup Password of your Partition (or create a new one).
- Make sure that the following configuration options are enabled, both at the device level and at the partition level:
  - JCE API
  - Key export
  - Key extraction
For detailed instructions on how to perform these tasks, please see the Primus HSM User Guide.
CloudHSM Economy (ECO) and Sandbox (SBX) are already pre-configured for Salesforce BYOK.
No further action is needed. Just make sure that you have your HSM Partition connectivity information and credentials ready.
Primus Tools
Install the Securosys Primus Tools on a local computer. You will use the Primus Tools to securely transfer the key material from the HSM to Salesforce.