Integrate Salesforce with Securosys Cache-Only Keys Middleware
Configure an External Credential
The external credential defines how Salesforce authenticates to the external key service (here, the deployed Securosys Middleware) when it calls out to fetch key material for your org.
- In Setup, in the Quick Find box, enter Named Credentials, and then select Named Credentials.
- Click External Credentials.
- Enter a label and name for the external credential.
- From the Authentication Protocol dropdown list, select No Authentication. With this protocol Salesforce sends no credential of its own on the callout, so access to the middleware endpoint must be controlled on the middleware side.
- Save the new external credential. Salesforce shows the properties page for your new external credential.
Leave the properties page open and then go on to configure an external named principal.
Configure an External Named Principal
The external named principal links an external credential to a permission set, so your org can make calls by using the named credential.
- If you aren’t there already, open the properties page for the external credential for which you want to create a named principal.
- In the Principals box, click New.
- Enter a parameter name and leave the remaining values at their defaults.
- Save the new external named principal.
Next, create the linking permission set.
Create a Permission Set for the Named Principal
The members of the permission set can access the named principal.
Review Enable External Credential Principals for details on creating a permission set for a named principal.
- In Setup, in the Quick Find box, enter Permission Sets, and then select Permission Sets.
- Select New.
- Enter a label and an API name for the permission set.
- Save the permission set. Salesforce shows the properties page for your new permission set.
- While you're here, note the ID of the permission set from the browser address bar; you need it later when you assign users. The permission set ID is the value that follows %2F in the URL.
- To show the principal access properties, select External Credential Principal Access.
- In the External Credential Principal Access section, click Edit. Salesforce shows the external principal chooser.
- Select the principal that you want to use, click Add, and then save your changes.
Next, assign the Automated Process user (autoproc) to the permission set.
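The Automated Process user cannot be assigned a permission set from the Setup UI, so the assignment is done with anonymous Apex. The following is an added example, not code from the Securosys or Salesforce documentation. It assumes the permission set was saved with the API name Securosys_Cache_Only_Key (replace it with the name you chose) and that the Automated Process user carries its standard alias, autoproc. If you prefer to use the permission set ID you noted from the address bar, filter the first query on Id instead of Name.

```apex
// Added example: assign the named-principal permission set to the Automated Process user.
// Run in the Developer Console: Debug > Open Execute Anonymous Window.
// Assumption: permission set API name is 'Securosys_Cache_Only_Key'.

PermissionSet ps = [
    SELECT Id, Name
    FROM PermissionSet
    WHERE Name = 'Securosys_Cache_Only_Key'
    LIMIT 1
];

// The Automated Process user is the standard user with alias 'autoproc'.
User autoproc = [
    SELECT Id
    FROM User
    WHERE Alias = 'autoproc'
    LIMIT 1
];

// Check for an existing assignment first so the script can be re-run safely.
List<PermissionSetAssignment> existing = [
    SELECT Id
    FROM PermissionSetAssignment
    WHERE AssigneeId = :autoproc.Id AND PermissionSetId = :ps.Id
];

if (existing.isEmpty()) {
    insert new PermissionSetAssignment(
        AssigneeId = autoproc.Id,
        PermissionSetId = ps.Id
    );
    System.debug('Assigned permission set ' + ps.Name + ' to Automated Process user ' + autoproc.Id);
} else {
    System.debug('Automated Process user already holds permission set ' + ps.Name);
}
```

After running the script, reopen the permission set and confirm under Manage Assignments that the Automated Process user is listed; without this assignment the key callout runs without access to the named principal and the connection check in the BYOK page fails.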
Create a Named Credential for the Cache-Only Key
The named credential specifies the URL of a called endpoint and its required authentication parameters in one definition.
- In Setup, in the Quick Find box, enter Named Credentials and then select Named Credentials.
- Click New.
- Enter values for the credential label and name.
- In the URL field, enter the URL to the deployed Securosys Middleware.
- In the External Credential field, select the external credential that you created previously.
- Save the named credential.
Use the Named Credential with a New Cache-Only Key
Define the cache-only key object that represents the external key.
- In Setup, in the Quick Find box, enter Key Management, and then select Key Management.
- Click BYOK. Salesforce shows the Bring Your Own Key page.
- From the Choose Certificate dropdown list, select the BYOK-compatible certificate that you created previously (see Installation).
- Select Use a Cache-Only Key.
- Enter a unique identifier for the external key. The Securosys HSM then creates the key under this identifier automatically.
- From the Named Credential dropdown list, select the named credential that you created earlier. Salesforce checks the connection to the endpoint specified by the named credential. If Salesforce can reach the endpoint, the key referenced by the unique key identifier becomes the active key, and all data marked for encryption by your encryption policy is encrypted with this cache-only key. If Salesforce can't reach the endpoint, it displays an error to help you troubleshoot the connection.
- When Salesforce can reach the endpoint, save your work.