Rotate Your Encryption Tenant Secrets
- From Setup, in the Quick Find box, enter Platform Encryption, and then select Key Management.
- From the Choose Tenant Secret Type dropdown, choose a data type.
- Check the status of the data type’s tenant secrets. Existing tenant secrets are listed as active, archived, or destroyed.
  - ACTIVE: Can be used to encrypt and decrypt new or existing data.
  - ARCHIVED: Can’t encrypt new data. Can be used to decrypt data previously encrypted with this key when it was active.
  - DESTROYED: Can’t encrypt or decrypt data. Data encrypted with this key when it was active can no longer be decrypted. Files and attachments encrypted with this key can no longer be downloaded.
- Click Generate New Tenant Secret or Bring Your Own Key. If uploading a customer-supplied tenant secret, upload your encrypted tenant secret and tenant secret hash.
- If you want to re-encrypt field values with your active key material, contact Salesforce Customer Support. We’ll help you encrypt existing data in the background to ensure data alignment with your latest encryption policy and key material configuration.

  Warning: For clean and consistent results, we recommend that you contact Salesforce Customer Support for help reencrypting your data. You can apply your active key material to existing records by editing them through Setup, or programmatically through the API. Editing a record triggers the encryption service to encrypt the existing data again using the newest key material. This update changes the record’s timestamp, and the update is recorded in the field history or Feed History. However, the field history in the History related list and Feed History aren’t reencrypted with the new key material.
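
The status rules and the re-encrypt-on-edit behavior above can be modeled in a few lines to show why an archived secret must not be destroyed while records still depend on it. This is an added example, not Salesforce code: `TenantKeyring`, its methods, the record tuple layout and the stand-in cipher are all hypothetical, and the sample data is constructed.

```python
import hashlib
import secrets

ACTIVE, ARCHIVED, DESTROYED = "ACTIVE", "ARCHIVED", "DESTROYED"

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher for this model only; not the platform's real scheme.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class TenantKeyring:
    """Hypothetical model: version -> [status, key bytes or None]."""

    def __init__(self):
        self.versions = {}

    def rotate(self) -> int:
        # Generating a new secret archives the previously active one.
        for entry in self.versions.values():
            if entry[0] == ACTIVE:
                entry[0] = ARCHIVED
        new_version = len(self.versions) + 1
        self.versions[new_version] = [ACTIVE, secrets.token_bytes(32)]
        return new_version

    def destroy(self, version: int) -> None:
        self.versions[version] = [DESTROYED, None]

    def encrypt(self, plaintext: bytes) -> tuple:
        # Only the ACTIVE secret may encrypt new data.
        version = next(v for v, e in self.versions.items() if e[0] == ACTIVE)
        nonce = secrets.token_bytes(16)
        return version, nonce, keystream_xor(self.versions[version][1], nonce, plaintext)

    def decrypt(self, record: tuple) -> bytes:
        version, nonce, ciphertext = record
        status, key = self.versions[version]
        if status == DESTROYED:
            raise PermissionError(f"tenant secret v{version} is destroyed")
        return keystream_xor(key, nonce, ciphertext)

    def edit(self, record: tuple) -> tuple:
        # Saving a record re-encrypts it under the newest key material.
        return self.encrypt(self.decrypt(record))

    def still_needed(self, version: int, records: list) -> list:
        # Records that become unreadable if this version is destroyed.
        return [r for r in records if r[0] == version]
```

Running `still_needed` for an archived version before calling `destroy` is the check this model is meant to illustrate: an empty result means every record has already been re-encrypted under newer key material.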