DuoKey logotype

Securing Salesforce

Enhance security and control over your Salesforce data with our Bring Your Own Key (BYOK) solution and CacheOnly Key Wrapper

Scroll for more

DuoKey for Salesforce

Enhance Salesforce Security with BYOK & CacheOnly Key Wrapper

DuoKey for Salesforce

At DuoKey, we understand the importance of data security and compliance within your Salesforce environment.

With DuoKey's BYOK for Salesforce integration, you can take full control of your encryption keys and ensure the utmost protection for your sensitive data. By bringing your own keys, you can leverage your existing key management infrastructure and maintain complete ownership and control over your encryption keys. This enables you to meet regulatory requirements, such as GDPR, HIPAA, and CCPA, and implement a strong security posture for your Salesforce data.

Additionally, DuoKey CacheOnly Key Wrapper provides an added layer of security for your Salesforce platform. By isolating encryption keys in a secure cache, we ensure that sensitive data is decrypted only when necessary and for a limited duration. This approach minimizes the exposure of sensitive data, reduces the risk of unauthorized access, and enhances your overall data protection strategy.

Auditable Data Protection

DuoKey offers comprehensive auditing and logging capabilities, providing a detailed record of key management activities and data access. This helps customers demonstrate compliance and maintain an audit trail for regulatory purposes.


Salesforce provides a feature called BYOK, which allows customers to use their own encryption keys for securing their data stored in Salesforce. This approach gives customers more control over their encryption keys and, by extension, their data security.

DuoKey enhances this concept by providing a specialized service that integrates with Salesforce’s BYOK feature. DuoKey's service is designed to generate, manage, and store these encryption keys securely, leveraging advanced security protocols and technologies.

Data Sovereignty

With DuoKey, customers can maintain full control and sovereignty over their data within the Salesforce environment. Our solution allows you to bring your own encryption keys, ensuring that your data remains protected and within your jurisdiction.

In detail

Security & privacy first

Empower Your Salesforce Data Security with BYOK & CacheOnly Key Wrapper

One of the most common way to enhance data security in Salesforce is through encryption. Salesforce provides two ways to enhance data security on its platform through Salesforce Shield: BYOK (“Bring Your Own Key”) and Cache-Only Key.

What’s BYOK?

BYOK, or "Bring Your Own Keys," is an encryption key management method. It enables organisations to create and manage their encryption keys independently outside of Salesforce.

What’s Salesforce Cache-Only Key?

Salesforce's Cache-Only Key method allows organisations to keep their encryption keys externally and not store them persistently in Salesforce. With the Cache-Only Key Service, keys are supplied as needed and temporarily held in memory (or cache).

Learn more about Salesforce Shield encryption management services in our article: "How to Protect Your Sensitive Data in Salesforce: BYOK & Cache-Only Key"

DuoKey for Salesforce

DuoKey offers a software-based key service integration for Salesforce BYOK and Cache-Only Key, using secure Multi-Party Computation (MPC) for decentralizing key access. DuoKey key service, including its BYOK integration CacheOnly Key Wrapper, enhances control and security over encryption keys allowing to:

✅ Protect sensitive data in Salesforce (including personally identifiable information (PII)) and minimise risks of data breaches and compliance violations.

✅ Maintain full control over your encryption keys to ensure data sovereignty by storing them outside of Salesforce.

✅ Comply with regulations and compliance rules (FINMA, HIPAA, GDPR, LIPAD ... ) to build customer trust.

✅ Store and manage your keys in multi-tenant and vault solutions powered by MPC or HSM.

Ensure GDPR compliance and protect personally identifiable information (PII) and sensitive data

Easily integrate our solution into your existing Salesforce environment

Bring Your Own Key and securely manage encryption keys within your organization.

Encrypt and decrypt data on the client-side, minimizing exposure of sensitive information


What our partners think of DuoKey for Salesforce

DuoKey's BYOK for Salesforce and CacheOnly Key Wrapper solution revolutionizes data security in Salesforce, offering enhanced protection, GDPR compliance, and a seamless user experience.

Salesforce Architect


We appreciate DuoKey's cutting-edge approach to cloud security. Their double key encryption and advanced key management solutions not only enhance data protection but also ensure compliance. Utilizing advanced Multi Party Computation (MPC) protocols developed over decades by our team of acclaimed researchers, DuoKey delivers a superior level of cryptographic security, making it a reliable choice for safeguarding cloud applications and sensitive data.

Ahmet Tuncay - Former CEO, Sepior ApS

Blockdaemon Inc

Scroll right

Secure your Salesforce account today