FAQ-000531 - Custom Settings and Configuration Security / Security Review and Compliance

Current Status: VALID_RESPONSE

Current FAQ

Question
What are the proper implementation approaches for secure metadata storage to meet security review requirements?
Answer
To implement secure metadata storage and meet security review requirements, follow these approaches:

1. **Protected Custom Settings**: Use protected custom settings for subscriber-supplied secrets (API keys, passwords, encryption keys). In a managed package a protected custom setting is hidden from the subscriber's Setup UI and API and is readable only by Apex in the package's namespace, so ship a custom UI (Visualforce, Aura, or LWC) through which authorized subscriber admins enter and rotate the values. The UI should write the secret and report only whether one is configured; it must never echo the value back. Note that "protected" applies only inside a managed package: in an unmanaged package or the developer org the values are visible to any user with Customize Application.

2. **Protected Custom Metadata**: Use protected custom metadata types for configuration and for secrets the package vendor itself owns (for example the key to the vendor's own service). Custom metadata records deploy with the package and are readable only by Apex in the package namespace, which makes them a poor fit for subscriber-specific secrets unless the package also ships Apex that creates or updates records after installation.

3. **Named Credentials**: For callouts, package a Named Credential definition (with an External Credential in the current model) instead of an endpoint URL and a secret. The subscriber enters the actual authentication details after installation, and Apex references it as `callout:Named_Credential_Name/path`; the platform injects the credential into the request, so the secret never passes through Apex, debug logs, or the package upload.

4. **Encryption**: Where a secret must live in a custom setting or metadata record, encrypt it with the Apex `Crypto` class rather than storing plaintext: generate the key with `Crypto.generateAesKey(256)` on first use, keep the Base64-encoded key in its own protected custom setting field, and use `Crypto.encryptWithManagedIV` / `Crypto.decryptWithManagedIV` so each value gets a fresh random IV. Never hard-code the key or IV in Apex, and remember that custom setting text fields hold at most 255 characters, so the Base64 ciphertext (IV plus padded data) must fit.

5. **Access Restrictions**: Grant the Apex classes that read or write secrets only to an admin permission set, and enforce the check in code as well (for example a custom permission tested with `FeatureManagement.checkPermission`) so class-level access is not the only gate. `@AuraEnabled` and REST methods must never return a decrypted value to the client; return status only, and keep secrets out of debug logs and exception messages.

These practices align with security review requirements and help mitigate risks associated with insecure storage of sensitive data.
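The following is an added example that ties the five points together in one Apex class; it is not code from this FAQ or from any Salesforce package. It assumes a managed package that ships a protected hierarchy custom setting `Secure_Config__c` with two Text(255) fields (`Encryption_Key__c` and `API_Token__c`), a custom permission `Manage_Secure_Config` granted only by the package's admin permission set, and a Named Credential `Vendor_API` that the subscriber configures after installation. All of those names, and the class name, are hypothetical.

```apex
// Added example, not code from the FAQ or from any Salesforce package. Assumes a managed
// package that ships: a *protected* hierarchy custom setting Secure_Config__c with two
// Text(255) fields, Encryption_Key__c and API_Token__c; a custom permission
// Manage_Secure_Config granted only by the package's admin permission set; and a Named
// Credential Vendor_API that the subscriber configures after installation. All names are
// hypothetical. "Protected" hides the setting from subscribers only in a managed package.
public with sharing class SecureConfigService {

    public class SecureConfigException extends Exception {}

    // Use the namespaced API name here if the package has a namespace (assumption).
    private static final String MANAGE_PERM = 'Manage_Secure_Config';

    // Enforce the admin check in code; class access in a permission set is not the only gate.
    private static void requireAdmin() {
        if (!FeatureManagement.checkPermission(MANAGE_PERM)) {
            throw new AuraHandledException('Insufficient privileges');
        }
    }

    // The AES-256 key is generated on first use and kept in the protected setting, so no
    // key or IV ever appears in source. getOrgDefaults() returns an empty org-level
    // instance when none exists yet, so the upsert creates it.
    private static Blob getOrCreateKey() {
        Secure_Config__c cfg = Secure_Config__c.getOrgDefaults();
        if (String.isBlank(cfg.Encryption_Key__c)) {
            cfg.Encryption_Key__c = EncodingUtil.base64Encode(Crypto.generateAesKey(256));
            upsert cfg;
        }
        return EncodingUtil.base64Decode(cfg.Encryption_Key__c);
    }

    // Called by the package's admin UI (LWC/Aura). Stores the encrypted token and returns
    // nothing, so the secret never travels back to the browser.
    @AuraEnabled
    public static void saveApiToken(String token) {
        requireAdmin();
        // 128 chars -> 144 bytes after PKCS#5 padding + 16-byte IV = 160 bytes = 216 Base64
        // chars, which fits the 255-char custom setting field.
        if (String.isBlank(token) || token.length() > 128) {
            throw new AuraHandledException('Token is missing or longer than 128 characters');
        }
        Blob cipher = Crypto.encryptWithManagedIV('AES256', getOrCreateKey(), Blob.valueOf(token));
        Secure_Config__c cfg = Secure_Config__c.getOrgDefaults();
        cfg.API_Token__c = EncodingUtil.base64Encode(cipher);
        upsert cfg;
    }

    // The only thing the UI may learn about the stored value.
    @AuraEnabled
    public static Boolean isTokenConfigured() {
        requireAdmin();
        return String.isNotBlank(Secure_Config__c.getOrgDefaults().API_Token__c);
    }

    // Decryption stays private and is never exposed through @AuraEnabled or a REST resource.
    private static String getApiToken() {
        Secure_Config__c cfg = Secure_Config__c.getOrgDefaults();
        if (String.isBlank(cfg.API_Token__c)) {
            throw new SecureConfigException('API token has not been configured');
        }
        Blob plain = Crypto.decryptWithManagedIV('AES256', getOrCreateKey(),
                                                 EncodingUtil.base64Decode(cfg.API_Token__c));
        return plain.toString();
    }

    // The endpoint and any platform-managed auth come from the Named Credential the
    // subscriber set up. The decrypted subscriber key is added only here, leaves the org
    // only inside the request, and is never logged or returned to a caller.
    public static Integer callVendor() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Vendor_API/v1/ping');
        req.setMethod('GET');
        req.setHeader('X-Tenant-Key', getApiToken());
        HttpResponse res = new Http().send(req);
        return res.getStatusCode();
    }
}
```

The admin component imports only `saveApiToken` and `isTokenConfigured`; there is deliberately no method that returns the token, and `getApiToken` is private so a subscriber cannot reach it from their own Apex. The custom setting must be marked Protected in its definition before the package is uploaded, since that flag is what keeps the key and ciphertext out of the subscriber's reach.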

AI Recommended Enhancement

Related Security Rules
- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- ProtectSensitiveData
- ApexBadCrypto
Question
What are the proper implementation approaches for secure metadata storage to meet security review requirements?
Recommended Answer Update
To implement secure metadata storage and meet security review requirements, follow these approaches:

1. **Protected Custom Settings**: Use protected custom settings to securely store sensitive information. Build a custom UI (e.g., Visualforce, Aura, or LWC) for subscribers to input and manage credentials securely, ensuring only authorized users have access.

2. **Protected Custom Metadata**: Store sensitive data in protected custom metadata, ensuring it's securely configured and adheres to best practices.

3. **Named Credentials**: Package metadata and configuration securely using named credentials. Subscribers can set up actual credentials post-installation, avoiding exposure during packaging.

4. **Encryption**: For sensitive data like encryption keys, store them in protected custom settings or metadata. Use Salesforce's built-in encryption methods or secure cryptographic libraries in Apex, and ensure encryption keys are securely stored and accessible only to authorized users.

5. **Access Restrictions**: Limit access to classes that handle sensitive data to admin users only. Avoid exposing sensitive data in API responses or unnecessarily.

These practices align with security review requirements and help mitigate risks associated with insecure storage of sensitive data.
Reasoning
The FAQ content is generally solid but has one technical issue with the encryption guidance that could be misleading. The original text mentions 'AES symmetric encryption/decryption in Apex' which could lead developers to implement custom cryptographic solutions that might be flagged by security scanners. The updated version recommends using Salesforce's built-in encryption methods or secure cryptographic libraries, which is safer and more aligned with best practices.

Security rules selected:
- ApexSuggestUsingNamedCred: Directly relates to point #3 about using named credentials for secure packaging, which is exactly what this rule promotes
- AvoidHardcodedCredentialsInFieldDecls: Relates to the overall theme of avoiding hardcoded credentials in favor of protected storage mechanisms discussed throughout the FAQ
- AvoidHardcodedCredentialsInVarDecls: Connected to the secure storage approaches mentioned in points #1 and #2 about protected custom settings and metadata
- AvoidHardcodedCredentialsInVarAssign: Relevant to the access restriction guidance in point #5 about not exposing sensitive data unnecessarily
- ProtectSensitiveData: Directly applicable to the entire FAQ content which focuses on protecting sensitive metadata and credentials
- ApexBadCrypto: Relates to point #4 about encryption implementation, as this rule flags weak or improper cryptographic implementations