FAQ-001525 - Proactive Security Architecture Review / Pre-Approval and Validation

Current Status: VALID_RESPONSE | Error | Unable to Answer | Suggests Case

Current FAQ

Question
How can I get pre-approval for an alternative architectural approach to handling credentials?
Answer
To get pre-approval for an alternative architectural approach to handling credentials:
1. Submit a detailed support case through the Salesforce Partner Community.
2. Include a clear explanation of your proposed approach, its use case, and how it adheres to security best practices.
3. Provide supporting documentation, such as design diagrams or code snippets, to help reviewers understand your implementation.
4. Reference Salesforce resources like the Named Credentials documentation or secure secrets storage guidelines, if applicable, to justify your approach.

AI Recommended Enhancement

Related Security Rules
- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- AvoidHardcodedCredentialsInHttpHeader
Question
How can I get pre-approval for an alternative architectural approach to handling credentials?
Recommended Answer Update
To get pre-approval for an alternative architectural approach to handling credentials:
1. Submit a detailed support case through the Salesforce Partner Community.
2. Include a clear explanation of your proposed approach, its use case, and how it follows security best practices.
3. Provide supporting documentation, such as design diagrams or code snippets, to help reviewers understand your implementation.
4. Reference Salesforce resources like the Named Credentials documentation or secure secrets storage guidelines to justify your approach.
Reasoning
The answer needed minor improvements for clarity and tone consistency with the brand guidelines. Changed 'adheres to' to 'follows' for more conversational language, and removed 'if applicable' which was unnecessary and made the sentence less direct. These changes maintain all the original information while making the text more accessible and actionable.
Regarding security rules selected:
- ApexSuggestUsingNamedCred: This FAQ discusses getting pre-approval for credential handling approaches, and Named Credentials are the primary recommended secure approach for handling external system credentials in Salesforce, making this rule directly relevant to the FAQ's core topic.
- AvoidHardcodedCredentialsInFieldDecls: The FAQ addresses alternative approaches to credential handling, and this rule identifies one of the key security violations (hardcoded credentials in field declarations) that developers might need alternatives for.
- AvoidHardcodedCredentialsInVarDecls: Related to the above, this rule covers another common credential security violation (hardcoded credentials in variable declarations) that would require alternative architectural approaches.
- AvoidHardcodedCredentialsInVarAssign: This rule identifies hardcoded credentials in variable assignments, another pattern that developers would need secure alternatives for when seeking pre-approval.
- AvoidHardcodedCredentialsInHttpHeader: This rule covers hardcoded credentials in HTTP headers, which is another scenario where developers would need to seek pre-approval for alternative secure credential handling approaches.
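
The patterns these rules describe, shown beside a Named Credential callout, as an added Apex example that is not part of the original FAQ or Salesforce's own code. The class name, endpoint host, secret strings and the Named Credential name `Partner_API` are constructed placeholders, and the mapping of each line to a rule follows this page's descriptions of the rules.

```apex
// Added illustration; all names and secret values are constructed placeholders.
public with sharing class PartnerApiClient {

    public class PartnerApiException extends Exception {}

    // Pattern described above: hardcoded credential in a field declaration.
    private static final String API_KEY = 'EXAMPLE-PLACEHOLDER-KEY';

    // "Before": the credentials live in source and ship with the package.
    public static HttpResponse fetchOrdersHardcoded() {
        // Hardcoded credential in a variable declaration.
        String password = 'EXAMPLE-PLACEHOLDER-PASSWORD';

        // Hardcoded credential in a variable assignment.
        String token;
        token = 'EXAMPLE-PLACEHOLDER-TOKEN';

        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://api.example.com/v1/orders');
        req.setMethod('GET');
        // Hardcoded credential in an HTTP header.
        req.setHeader('Authorization', 'Bearer EXAMPLE-PLACEHOLDER-TOKEN');
        req.setHeader('X-Api-Key', API_KEY);
        return new Http().send(req);
    }

    // "After": the endpoint and authentication are configured in Setup as a
    // Named Credential (assumed here to be named Partner_API). The platform
    // applies the authentication at callout time, so no secret appears in Apex.
    public static HttpResponse fetchOrders() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Partner_API/v1/orders');
        req.setMethod('GET');
        req.setTimeout(10000);
        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // Report the status only; do not log headers or bodies that may carry secrets.
            throw new PartnerApiException('Partner_API returned status ' + res.getStatusCode());
        }
        return res;
    }
}
```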