FAQ-000567 - Custom Settings and Configuration Security / Uncategorized

To implement updatable sensitive data storage that works with post-installation scripts in Salesforce: 1. Use **protected custom settings** or **protected custom metadata** to securely store sensitive data like cryptographic keys or credentials. These are accessible only to privileged users. 2. Avoid using global classes or methods in post-installation scripts, as these run with elevated privileges and could pose security risks. 3. Enforce proper **CRUD/FLS checks** to restrict access to sensitive data. 4. Apply **encryption** to sensitive fields using secure cryptographic methods, and store the encryption key separately in a secure location like Named Credentials. These steps ensure secure and compliant handling of sensitive data during and after installation.

The FAQ content is generally accurate and well-structured. The main improvement made was enhancing point 4 to be more specific about using "secure cryptographic methods" for encryption and specifically recommending Named Credentials as a secure location for storing encryption keys. This aligns with Salesforce security best practices for avoiding hardcoded credentials. Security rules selected: - ApexBadCrypto: Relates to FAQ point 4 about applying encryption to sensitive fields, ensuring secure cryptographic practices - ApexCRUDViolation: Directly relates to FAQ point 3 about enforcing proper CRUD/FLS checks - AvoidGlobalInstallUninstallHandlers: Directly relates to FAQ point 2 about avoiding global classes in post-installation scripts - ApexSuggestUsingNamedCred: Relates to the secure storage of credentials mentioned in points 1 and 4 - AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInVarAssign: All relate to the FAQ's discussion of securely storing sensitive data like cryptographic keys and credentials - ProtectSensitiveData: Broadly relates to the entire FAQ topic of implementing updatable sensitive data storage securely