Getting Started with Salesforce Cache-Only Key Service
This Quickstart section provides a comprehensive list of the tasks for integrating the Salesforce Cache-Only Key Service with Primus HSM or CloudHSM. For more detailed instructions, please consult the Installation section. Visit Prerequisites for the necessary preparations beforehand.
The parameters shown in this document are examples. Replace them with your own values.
Prerequisites
Make sure to adhere to the Prerequisites before integrating the Securosys Primus HSM or CloudHSM with Salesforce Cache-only keys.
Configure your Salesforce organization
Configure your Salesforce organization to allow the use of cache-only keys. See Installation for more details.
This requires setting up permissions for Salesforce users. See Prerequisites for more information on the required permissions.
Obtain the Salesforce BYOK certificate
To create cache-only key material, the public key from the BYOK certificate is used to encrypt the cache-only key material generated in your Primus HSM or CloudHSM.
Download your BYOK certificate from your Salesforce organization and save it to the host device that will run the Securosys Middleware.
A CA-signed certificate can also be used. See Generate Salesforce BYOK-Compatible Certificate for more information.
Deploy the Securosys middleware for Salesforce Cache-only keys
Using Docker, deploy the Securosys Middleware. First configure its .yml file, specifying the required parameters for the HSM connection as well as the location of the BYOK certificate.
See Configuration for more information.