Prerequisites
Make sure you meet the following prerequisites before integrating Securosys Primus HSM or CloudHSM with Salesforce Cache-Only Keys.
Configuring Salesforce Organization
You must first set up your Salesforce Organization to allow the Salesforce Cache-Only Key Service.
Salesforce prerequisites:
- Salesforce account with Enterprise, Performance, or Unlimited Edition subscription with Salesforce Shield enabled,
- Access to either Salesforce Classic or Lightning Experience,
- Salesforce User Permissions: Manage Encryption Keys, Manage Certificates, and Customize Application. For more information, see the Salesforce documentation - Bring Your Own Key (BYOK).
- Enable Allow Cache-only Keys in Salesforce Shield Platform Encryption Advanced Settings. Optionally enable Replay Detection for Cache-Only Keys.
For a detailed listing of the Salesforce prerequisites, please review the [Salesforce - Cache-Only Key Service](https://help.salesforce.com/s/articleView?id=xcloud.security_pe_byok_cache_prereqisites.htm&type=5) section of the Salesforce Documentation.
HSM Configuration
On-Premises
If you configure the Securosys Middleware with an on-premises Primus HSM security architecture, ensure that the Primus HSM is updated to the following firmware:
- Primus HSM Firmware v2.8.21, v3.2.3 or higher. You can download the Securosys Primus HSM firmware from the Securosys Support Portal (login required).
This guide does not cover the setup of the Primus HSM. Please follow the Primus HSM User Guide.
Cloud
CloudHSM Economy (ECO) and Sandbox (SBX) are already pre-configured for Salesforce Cache-Only Keys.
No further action is needed.
Docker installation
Before proceeding, ensure that Docker is installed and running on the system where the Securosys Middleware will be installed. If Docker is not yet installed, please follow the Docker Ubuntu installation guide.
For Docker installation on other operating systems, please see the Docker documentation.