Veeam Backup for Salesforce 3
User Guide
Related documents
Search

Step 5. Configure Encryption Settings

At the Encryption step of the wizard, you can configure the following encryption settings:

  1. In the Encryption settings section, choose whether you want to encrypt specific object fields, file types or both. If you do not select any object fields or file types, this data will not be encrypted.

For an object field to be displayed in the list of available fields, both the object and the field must be added to the backup scope specified for the backup policy at step 3. For a file type to be displayed in the list of available file types, it must be included in the list of backup files and attachments added to the backup policy at step 4.

Important

  • Veeam Backup for Salesforce supports encryption of the following field types only: Text, TextArea, Text Area (Long), Text (Encrypted), Address, Number, Email, Text Formula, Number Formula, Percent Formula, Currency Formula, Geolocation. For more information on Salesforce field types, see Salesforce Documentation.
  • If an object record that you want to back up contains fields that have been specified as filtering conditions in an archival policy, you will not be able to encrypt these fields. Edit the filtering criteria settings of the archival policy — and then modify the backup policy settings to encrypt these fields.
  • By default, you can encrypt maximum 10 fields for one object. To be able to encrypt more object fields, modify the encryption.data.object.max.field parameter value as described in section Configuring Advanced Settings.
  1. In the Encryption key section, choose whether you want to encrypt backed-up data using an AWS master key or a built-in master key generated by Veeam Backup for Salesforce. If you want to use an AWS master key, you must also select the region to which the key belongs.

For an AWS master key to be displayed in the list of available keys, it must be added to the selected region in an AWS account as described in AWS Documentation, and this account must be connected to Veeam Backup for Salesforce as described in section Configuring Encryption Settings. If you have not connected the AWS account beforehand, you can do it without closing the Add Backup Policy window. To do that, click Add AWS KMS Connection and follow the instructions provided in section Adding Connections.

When you complete the Add Backup Policy wizard for the first time, Veeam Backup for Salesforce does not run an encryption job, but uses data and file jobs to encrypt fields and files. Encryption jobs run only for those backup policies that have already been used to protect fields and files (meaning these items already have backups) and previously had the encryption functionality disabled. For more information on backup job types, see Viewing Backup Policy Sessions.

Important

If you choose to encrypt backed-up data with a built-in encryption key, it is recommended that you download the data key to your workstation as described in section Managing Encryption Keys. Otherwise, Veeam Backup for Salesforce will be not able to decrypt the data in case you migrate the product to another workstation.

 

Creating Backup Policy

Page updated 10/21/2024

Page content applies to build 3.1.0.2378

View all results across Veeam
Back to document search