FAQ-000711 - Data Storage and Encryption Security / Encryption and Key Management

To encrypt and decrypt passwords for testing platforms, follow these best practices: Use AES-256 encryption or higher for secure encryption (AES-128 is the minimum acceptable standard), store the encryption key securely in a protected custom setting or custom metadata, avoid storing passwords in plain text or logging them in debug statements, use Salesforce's built-in encryption libraries whenever possible, and ensure that the decrypted value is only accessible to authorized callers.

The main issue identified is outdated encryption standards. The original answer recommends "AES-128 encryption or higher" as the primary standard, but modern security best practices strongly favor AES-256 as the recommended standard, with AES-128 being the minimum acceptable level. This update clarifies that AES-256 should be preferred while noting AES-128 remains acceptable. I also refined "vendor-provided encryption libraries" to "Salesforce's built-in encryption libraries" for clarity in the Salesforce context. All other content remains unchanged to preserve the existing structure and completeness. Regarding related security rules: - ApexBadCrypto: Directly applies because the FAQ discusses encryption methods and this rule detects weak cryptographic practices in Apex code - AvoidHardcodedCredentialsInFieldDecls: Relates to the FAQ's guidance about avoiding plain text password storage, as this rule prevents hardcoded credentials in field declarations - AvoidHardcodedCredentialsInVarDecls: Connects to the FAQ's advice on secure password handling, as this rule detects hardcoded credentials in variable declarations - AvoidHardcodedCredentialsInVarAssign: Relevant to the FAQ's emphasis on not storing passwords insecurely, as this rule catches hardcoded credentials in variable assignments - ApexSuggestUsingNamedCred: Applies to the FAQ's discussion of secure credential storage, as this rule promotes using Named Credentials instead of hardcoded authentication