Salesforce
The Salesforce connections to the CipherTrust Manager can be configured using the following:
Note
If you wish to use external certificate authentication, you must first create a valid external certificate.
Managing Salesforce Connections using GUI
- Client ID - application ID of the Salesforce application. It can be used with Client Credential, Certificate, or Password to authenticate the application. - Note - When creating multiple connections to the same Salesforce organization from different domains: - For certificate-based authentication, you must create a new "Connected App" in Salesforce for each connection. This provides a unique Client ID, as Salesforce does not allow reusing a single Client ID with multiple certificates. 
- For client credential-based authentication, you can reuse the same Client ID for multiple connections. 
 
- Cloud Name - the name of the Salesforce cloud to connect to. Currently, only the following options are available: - Salesforce Sandbox Cloud 
- Salesforce Cloud 
 
- Hostname- The hostname of the Salesforce instance to connect to. For example, test-site-aesf24.sf-onp-dc-test-02.ml. 
- Authentication - you can use the following authentication methods. - Client Credential (My Domain) - this authentication method uses Client Secret and Domain Name for the given Client ID to enable the communication between Salesforce and the CipherTrust Manager. The Domain Name is mapped to My Domain in Salesforce login and application URLs. - The client credentials don't require "username" and "password" for authentication. For details, refer to Salesforce documentation. 
- Certificate - this authentication method is used to enable password-less communication between Salesforce and the CipherTrust Manager. To do so: - Select the Certificate radio button. 
- Enter the Username. 
- Select Application or External as the Certificate Type. - The Application certificate type is generated by CipherTrust Manager and self-signed. - The External certificate type is a pre-existing certificate generated on CipherTrust Manager and then signed by a CA local or external to the CipherTrust Manager. To use this option, you first need to create a valid external certificate. 
 - Enter the authorization server’s URL for the Audience value for the Salesforce.com cloud: https://login.salesforce.com, https://test.salesforce.com. The audience identifies the authorization server as the intended audience. 
- Click the Generate and Download button. 
- Upload the downloaded certificate on Salesforce for the provided Client ID. 
- Once the upload is done, verify the Certificate Subject on the CipherTrust Manager and Salesforce. Both the Certificate Subjects must match. 
- (Optional) Specify Certificate Duration in Days. The default certificate duration is 730 days (2 years). 
 - Enter the authorization server’s URL for the Audience value for the Salesforce.com clouds: https://login.salesforce.com, https://test.salesforce.com. The audience identifies the authorization server as the intended audience. It is an optional field. 
- Provide External Certificate. Ensure that you have fulfilled the prerequisites to create a valid external certificate. Use either of the methods: - Select File Upload and click the Upload Certificate to upload the external certificate as a file. 
- Select Text and paste the certificate contents in the text box. 
 
 - Note - The CipherTrust Manager allows you to modify the external certificate in the existing connection. Any unused certificate will be automatically deleted after 24 hours. 
- Password – this authentication method uses the Client Secret, Username, and Password for the given Client ID to enable the communication between Salesforce and the CipherTrust Manager. - Note - If you have enabled the Multi-Factor authentication on the API, password authentication will not work. 
- Before creating a Salesforce connection using "Password" based authentication, ensure that the "Allow OAuth Username-Password Flows" setting is enabled on the Salesforce cloud (Salesforce > Setup > Settings > Identity > OAuth and OpenID Connect Settings > Allow OAuth Username-Password Flows). 
 
 
- (Optional) Enable Mutual TLS. 
Click Next to move to the Add Products screen of the Add Connection wizard.
Note
Currently, the only product supported for Salesforce connection is Cloud Key Manager.
Click Next to move to the next step.
Note
For Salesforce Organizations, you can provide the Mutual TLS Certificate details, you need to Enable Mutual TLS.
Mutual TLS Certificate
In the Mutual TLS Certificate section, provide the TLS Client Certificate details.
Select File Upload and click Upload Certificate to upload the certificate (in PEM format). You can also select Text and enter the certificate in the text area.
Enter the Password of TLS Client Certificate.
Click Next to move to the Add Products screen of the Add Connection wizard.
Managing Salesforce Connections using ksctl
The following operations can be performed:
- Create/Get/Update/Delete an Salesforce connection 
- List all Salesforce connections 
- Test an existing Salesforce connection 
- Test parameters for a Salesforce connection 
Authentication methods
The Salesforce connection can be created using the following authentication methods:
- Password 
- Certificate 
- Client Credential (My Domain) 
Creating a Salesforce Connection
Note
Before creating a Salesforce connection using "Password" based authentication, ensure that the "Allow OAuth Username-Password Flows" setting is enabled on the Salesforce cloud (Salesforce > Setup > Settings > Identity > OAuth and OpenID Connect Settings > Allow OAuth Username-Password Flows).
It is consumer secret based authentication. Following fields are used for authentication:
- name - username to access the Salesforce server 
- client_id - application ID of the Salesforce application 
- client_secret - consumer secret for the Salesforce application 
- password - password for the Salesforce account 
To create a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce create --name <connection-name> --products <products-names> --clientid <salesforce-client-id> --secret <salesforce-client-secret> --username <salesforce-client-username> --conn-password <salesforce-client-password> --cloudname <salesforce-cloud-name> --salesforce-hostname <salesforce-hostname>
Example Request 1
ksctl -v connectionmgmt salesforce create --name salesforce2 --products cckm --clientid "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv" --username myuser --cloudname "Salesforce Sandbox Cloud" --conn-password mypassword--xxxxfdc --secret 8177EE1E5967F39381DED2D41B363910B865AD881587AA4DF62C5E813988322A
Example Response
{
    "id": "bad74caa-25e4-42b6-a348-99190db7edf1",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce2-bad74caa-25e4-42b6-a348-99190db7edf1",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2023-06-14T12:43:10.528951737Z",
    "updatedAt": "2023-06-14T12:43:10.527954022Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce2",
    "products": [
            "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv",
    "username": "myuser"
}
Example Request 2
ksctl connectionmgmt salesforce create --name salesforce2 --products cckm --clientid "123456" --username xyz@gmail.com --cloudname "Salesforce Sandbox Cloud" --conn-password abxxxxcpsa--xxxxsfdc --secret 8177EE1E5967F39381DED2D41B363910B865AD881587AA4DF62C5E813988322A --salesforce-hostname "xyz-org.my.salesforce.com"
Example Response
{
    "id": "bad74caa-25e4-42b6-a348-99190db7edf1",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce2-bad74caa-25e4-42b6-a348-99190db7edf1",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2023-06-14T12:43:10.528951737Z",
    "updatedAt": "2023-06-14T12:43:10.527954022Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce2",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "123456",
    "username": "xyz@gmail.com",
    "hostname": "xyz-org.my.salesforce.com"
}
It is certificate-based authentication. Following fields are used for authentication:
- name - username to access the Salesforce server. 
- client_id - application ID of the Salesforce application. 
- certificate - represents the internal/external certificate. 
The Salesforce connection can be created using:
- Internal certificate 
- External certificate 
You can also enable mutual TLS (mTLS) for a Salesforce connection.
Parameters Details
| Parameter | Mandatory/Optional | Description | 
|---|---|---|
| name | Mandatory | Name of the connection. | 
| products | Mandatory | List of products. | 
| clientid | Mandatory | Application ID of the Salesforce application. | 
| username | Mandatory | Username used to access the server. | 
| cloudname | Mandatory | Name of the Salesforce cloud to connect to | 
| certificate | Mandatory | Represents the internal/external certificate. | 
| certificate-duration | Optional | Certificate duration in days. The default certificate duration is 730 days (2 years). | 
| salesforce-hostname | Optional | The hostname of the Salesforce instance to connect to. | 
| audience | Optional | the authorization server’s URL for the audience value for the Salesforce.com clouds: https://login.salesforce.com, https://test.salesforce.com. The audience identifies the authorization server as the intended audience. | 
Using Internal certificate
To create a Salesforce connection using internally generated self-signed certificate, run:
Syntax
ksctl connectionmgmt salesforce create --name <Connection-Name> --products <Products-Names> --clientid <Salesforce-Key-ID> --username <Salesforce-Client-Secret> --cloudname <Salesforce-Cloud-Name> --certificate <yes/y> --certificate-duration <Certificate-Duration> --salesforce-hostname <salesforce-hostname> --audience <audience>
Example Request 1
ksctl connectionmgmt salesforce create --name "salesforce-3" --products "cckm" --cloudname "Salesforce Sandbox Cloud" --clientid 123456 --username "xyz@gmail.com" --certificate yes --certificate-duration 730
Example Response
{
        "id": "93734270-78e0-4a80-b545-dd87d536e1d3",
        "uri": "kylo:kylo:connectionmgmt:connections:salesforce-3-93734270-78e0-4a80-b545-dd87d536e1d3",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2022-05-13T07:04:14.160133827Z",
        "updatedAt": "2022-05-13T07:04:14.158769531Z",
        "service": "salesforce",
        "category": "cloud",
        "last_connection_ok": null,
        "last_connection_at": "0001-01-01T00:00:00Z",
        "name": "salesforce-3",
        "products": [
                        "cckm"
                    ],
        "cloud_name": "Salesforce Sandbox Cloud",
        "client_id": "123456",
        "username": "xyz@gmail.com",
        "certificate": "-----BEGIN CERTIFICATE-----\nMIIFvTCCA6WgAwIBAgIQT3N0S1zNYmmO8lrBpKh9FzANBgkqhkiG9w0BAQsFADB/\nMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2Fu\nIEpvc2UxDzANBgNVBAoTBlRoYWxlczEUMBIGA1UEC...MTRaMH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y\nbmlhMREwD...+3N94oXqI3UDJ7nq29Op1I9IcyzkiigNSZ7lboDGV\n1TO/xYlVRyMxZyhI3R4a/WyWtvCcCXcnnhe3Z7iVSyBa\n-----END CERTIFICATE-----\n",
        "certificate_subject": "CN=cckm.thalesesecurity.com,OU=CipherTrust,O=Thales,L=San Jose,ST=California,C=US"
}
Example Request 2
ksctl connectionmgmt salesforce create --name "salesforce-conn" --products "cckm" --cloudname "Salesforce Sandbox Cloud" --clientid 123456 --username "xyz@gmail.com" --certificate yes --certificate-duration 730 --salesforce-hostname "xyz-org.my.salesforce.com"
Example Response
{
    "id": "93734270-78e0-4a80-b545-dd87d536e1d3",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce-3-93734270-78e0-4a80-b545-dd87d536e1d3",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-05-13T07:04:14.160133827Z",
    "updatedAt": "2022-05-13T07:04:14.158769531Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce-conn",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "123456",
    "username": "xyz@gmail.com",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIFvTCCA6WgAwIBAgIQT3N0S1zNYmmO8lrBpKh9FzANBgkqhkiG9w0BAQsFADB/\nMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2Fu\nIEpvc2UxDzANBgNVBAoTBlRoYWxlczEUMBIGA1UECxMLQ2lwaGVyVHJ1c3QxITAf\nBgNVBAMTGGNja20f8fanBqfdIK3nzowvdvAp7OTjuXO2eHKly321ScuLYVsh+eMx\niArdzP3McH4buvPoP/PGXUFTpcrz7rynmU-----------CD5chpkAmVGrkjmgY1QWAgeoAEnhva\nhmhkqsY2xsEQhYo873gbb9CP+8yJOLgAGUJVRC+e6FVm40Svm7e9ffkaekBAyWRq\nlPPqzrPzxlKIlAW8uEaeFcg+3N94oXqI3UDJ7nq29Op1I9IcyzkiigNSZ7lboDGV\n1TO/xYlVRyMxZyhI3R4a/WyWtvCcCXcnnhe3Z7iVSyBa\n-----END CERTIFICATE-----\n",
    "certificate_subject": "CN=cckm.thalesesecurity.com,OU=CipherTrust,O=Thales,L=San Jose,ST=California,C=US",
    "hostname": "xyz-org.my.salesforce.com"
}
Example Request 3
ksctl connectionmgmt salesforce create --name "salesforce-3" --products "cckm" --cloudname "Salesforce Sandbox Cloud" --clientid 123456 --username "xyz@gmail.com" --use-certificate yes --audience "https://test.salesforce.com" --cert-duration 730
Example Response
{
    "id": "9be5fde1-4ac8-4ff4-95fd-e4fd3562c7a6",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-9be5fde1-4ac8-4ff4-95fd-e4fd3562c7a6",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2025-05-22T10:36:54.155739522Z",
    "updatedAt": "2025-05-22T10:36:54.153944745Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce-1",
    "products": [
        "cckm"
    ],
    "meta": null,
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
    "username": "xyz@abc.com",
    "certificate": "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----\n",
    "audience": "https://test.salesforce.com",
    "certificate_subject": "CN=cckm.example.com,OU=CipherTrust,O=example,L=San Jose,ST=California,C=US"
}
Using external certificate
Note
The external certificate cannot be used with use_certificate and client_secret parameters.
To create an Salesforce connection using external certificate generated from custom CSR signed by any internal or external CA:
- Generate a new Certificate Signing Request (CSR). The Salesforce connections support RSA 1024, 2048, and 4096 bit keys for creating CSRs. - Syntax - ksctl connectionmgmt connections csr --cn <common-name> --csr-outfile <filename>- Example - ksctl connectionmgmt connections csr --cn "test" --csr-outfile "Salesforce.pem"- Response - { "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIHJMHECAQAwDzENMAsGA1UEAxMEdGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABAjn2IrYo9SuscMXGwz0oEDcYCpb2U9F15BF3Y9myZQk40cNMjZ8XMwYYLOR\nyDOMyg8N0XTGy3kg5wqnnSm5namgADAKBggqhkjOPQQDAgNIADBFAiBa7LjFF2D9\niPKhU89pjndsgG9cx2M9JSC6ZzWol5Py0QIhAJUHgBeYKttzcpo87Ej3eQHRb8MT\nJRVOqvM3mdbA/ToQ\n-----END CERTIFICATE REQUEST-----\n" }- This CSR can only be used for one connection in the native domain. Also, this CSR can't be reused in other domains. 
- Sign the CSR with any local or external CA. It will generate an external certificate. 
- Upload the generated certificate to the Salesforce portal. 
- Create the Salesforce connection using the external certificate generated above. - Example - ksctl connectionmgmt salesforce create --json-file certificatesalesforcecreation.json --name "testsalesforce"- Response - { "id": "b1b23132-507e-4807-aef9-9af2a6c5c2fe", "uri": "kylo:kylo:connectionmgmt:connections:testsalesforce-b1b23132-507e-4807-aef9-9af2a6c5c2fe", "account": "kylo:kylo:admin:accounts:kylo", "createdAt": "2022-08-23T07:18:33.757838337Z", "updatedAt": "2022-08-23T07:18:33.756451354Z", "service": "salesforce", "category": "cloud", "last_connection_ok": null, "last_connection_at": "0001-01-01T00:00:00Z", "name": "testsalesforce", "products": [ "cckm" ], "cloud_name": "Salesforce Sandbox Cloud", "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12", "username": "xyz@abc.com", "certificate": "-----BEGIN CERTIFICATE-----\nMIIFUjCCAzqgAwIBAgIQKPONHN6+j5mJCtT+MeR+BDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0G...n7xj5XIW7SmcT5TvQn7O9K/+bXkYc\nOLvHFHcKHY2If84Y0ik8gtvM4MOCsooFQqzAPDMSdRgY8mIMcJYTzZruKqMt4Lh9\nvOjrBGHmKstG7gIA74frT0ZelHfeZQ==\n-----END CERTIFICATE-----\n", "certificate_subject": "CN=kylo.com,OU=RnD,O=Thales Group,L=Belcamp,ST=MD,C=US" }- JSON File - { "products": [ "cckm" ], "cloud_name": "Salesforce Sandbox Cloud", "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12", "username": "xyz@abc.com", "certificate": "-----BEGIN CERTIFICATE-----\nMIIFUjCCAzqgAwIBAgIQKPONHN6+j5mJCtT+MeR+BDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0G\nA1UEChMGVGhhbGVzMRwwGgYDVQQDExNDaXBoZXJUcnVzdCBSb290IENBMB4XDTIy\nMDgyMjA3MTUyM1oXDT....roG4xtx5J9coHTNzVPxr2hPIpc4gKyjxKQ3mMdGD+MaHp7ED\nyJTcLY8MKt1s+YVRPtPv3furYU5rY04szyln7xj5XIW7SmcT5TvQn7O9K/+bXkYc\nOLvHFHcKHY2If84Y0ik8gtvM4MOCsooFQqzAPDMSdRgY8mIMcJYTzZruKqMt4Lh9\nvOjrBGHmKstG7gIA74frT0ZelHfeZQ==\n-----END CERTIFICATE-----\n", "cert_duration": 730 }
The CipherTrust Manager allows you to modify the external certificate in the existing connection. Any unused certificate will be automatically deleted after 24 hours.
It is domain name based authentication and uses "domain_name" to map My Domain in Salesforce login and application URLs.
The client credentials don't require "username" and "password" for authentication. For details, refer to Salesforce documentation.
Following fields are used for authentication:
- client_id - application ID of the Salesforce application 
- client_secret - consumer secret for the Salesforce application 
- domain_name - represents My Domain used in the Salesforce account. 
To create a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce create --name <connection-name> --products <products-names> --clientid <salesforce-client-id> --secret <salesforce-client-secret> --cloudname <salesforce-cloud-name> --domain-name <salesforce-org-domain-name> --salesforce-hostname <salesforce-hostname>
Note
The domain-name parameter cannot be specified with the salesforce-hostname parameter.
Example Request 1
ksctl connectionmgmt salesforce create -n salesforce-1 -c "Salesforce Cloud" --domain-name "abxxxxxxa--xxxfdc" -d "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv" -t "8177EE1E5967F39381DED2D41B363910B865AD881587AA4DF62C5E813988322A"
Example Response
{
    "id": "e9b10913-400c-40c3-9f78-e5a4277d5724",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-e9b10913-400c-40c3-9f78-e5a4277d5724",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2023-06-13T11:17:25.000529654Z",
    "updatedAt": "2023-06-13T11:17:24.999224701Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce-1",
    "cloud_name": "Salesforce Cloud",
    "client_id": "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv",
    "domain_name": "abxxxxxxa--xxxfdc"
}
Example Request 2
ksctl connectionmgmt salesforce create --name conn1 --products cckm --salesforce-hostname "abxxxxxxa--xxxfdc.sandbox.my.salesforce.com" --clientid "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv" --secret "8177EE1E5967F39381DED2D41B363910B865AD881587AA4DF62C5E813988322A" --cloudname "Salesforce Sandbox Cloud"
Example Response
{
    "id": "3c0b1b5a-457c-4fc6-b10e-1fec20c29bd1",
    "uri": "kylo:kylo:connectionmgmt:connections:conn1-3c0b1b5a-457c-4fc6-b10e-1fec20c29bd1",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-12-27T11:38:15.018068828Z",
    "updatedAt": "2024-12-27T11:38:15.014482643Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "conn1",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv",
    "hostname": "abxxxxxxa--xxxfdc.sandbox.my.salesforce.com"
}
Creating a Salesforce Connection with mTLS enabled
CipherTrust Manager provides an option to secure specific API calls from CipherTrust Manager to Salesforce with an mTLS certificate. You can provide a TLS client certificate and a private key while creating a Salesforce connection to enable mTLS certificate authentication. If the private key is protected with a passphrase, then there is the option to also provide this passphrase. For the prerequisite steps to take within Salesforce to set up the use of this Salesforce mTLS option, refer to Setting Up a Mutual Authentication Certificate and associated Salesforce Help topics.
We support pkcs8 format for the certificate. If the certificate is protected by a passphrase, we support pcks1 format for the private key. If the certificate is not protected by a passphrase, we support pcks8 or pcks1 formats for the private key.
To create a Salesforce connection with the verification of a TLS client-side certificate, run:
Syntax
./ksctl connectionmgmt salesforce create --name sfdc1 --clientid "clientid" --secret "salesforce-client-secret" --username "email-of-user" --conn-password "connection-passwd" --cloudname "name-of-salesforce-cloud" --tls-client-cert-with-private-key-file "pointer-to-file-containing-mtls-client-cert" --tls-client-private-key-password "password-of-private-key" --enable-mutual-tls "boolean"
Example Request
./ksctl connectionmgmt salesforce create --name sfdc1 --clientid 3MVG9p1Q1BCe9GmC3YCMWFj2f.NBP_SD5K24usl_MOX3uRIzzi9IH2b77VwN0Ov4XpIi.G1t2CoHSURy4b1AK --secret DF98FB4CB875C8934E699114E3832C8C57AF45374CF1450CFF88494ADEDCD65A --username xyz@gmail.com --conn-password Thales2023# --cloudname 'Salesforce Cloud' --tls-client-cert-with-private-key-file /home/user1/Downloads/letscrypt_fullcert_01182023_with_passphrase.pem --tls-client-private-key-password Ssl12345# --enable-mutual-tls true
Example Response
{
    "id": "e561bc25-63de-461d-aa94-d76baa595dc4",
    "uri": "kylo:kylo:connectionmgmt:connections:sfdc1-e561bc25-63de-461d-aa94-d76baa595dc4",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2023-03-14T20:45:37.431827324Z",
    "updatedAt": "2023-03-14T20:45:37.427742423Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "sfdc1",
    "cloud_name": "Salesforce Cloud",
    "client_id": "3MVG9p1Q1BCe9GmC3YCMWFj2f.NBP_SD5K24usl_MOX3uRIzzi9IH2b77VwN0Ov4XpIi.G1t2CoHSURy4b1AK",
    "username": "xyz@gmail.com",
    "enable_mutual_tls": true,
    "tls_client_certificate": "-----BEGIN CERTIFICATE-----\nMIIEZTCCA02gAwIBAgISA0mUYC0i/8xCeuuJ5vkaVzeaMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMzAxMTgxOTE2NTRaFw0yMzA0MTgxOTE2NTNaMBkxFzAVBgNVBAMM\nDioudGhhbGVzY3BsLmlvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvdVSqoKa\n91XgggHCGbXTBxbMLhdvj6Wvzn/L/gR8NqiVQ+xucpvRXERNRhHHbJfy/DGNPq5Q\nbC0U04EOxAT5GKOCAlcwggJTMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr\nBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUc/b+f3Zd\nwC30i5JIlYgvHSLqL4YwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYw\nVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5v\ncmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wJwYDVR0RBCAw\nHoIOKi50aGFsZXNjcGwuaW+CDHRoYWxlc2NwbC5pbzBMBgNVHSAERTBDMAgGBmeB\nDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxl\ndHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3ALc++yTfnE26\ndfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhcaG/90AAAQDAEgwRgIhAKcf4YZR\n2uchfq2wvjuabAyXbV773mWIgbhLp/EGbVY1AiEApzfjoX+LN7KUIQp6jovlWd2m\nu1hWfGd4tcyc5wn1HGwAdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1Lr\nUgAAAYXGhv/yAAAEAwBGMEQCIF2t/AGzjkm4mskUB4XAnawlgN7mFI1jERQMt9me\nlL3qAiAuxYZ+MdWLF1i6TedCoaSPqTV3RE7tbwr6QQMfGmkIPjANBgkqhkiG9w0B\nAQsFAAOCAQEAsh8MJL8weXCZrIFe4yH1bHYHmtaSMHTLTRH+S+PLM+wqTsgPRg80\n8UB5o6e5dHhaLkrEp0xtu+H5kjVDEfqAuP0pl+is/8ADuQsWdD9vzeV2xzEKxj97\np/YCpS065euJgcRgNGGNijCZjZFtm2TFIOMVlteJm9Fb9nwC61GnZAGXSPMdorj4\nqIHm+b2XGcZ/1m9kTLKl3GeVqLnsE9+Ujkzl0VEsL2urkKpDTPnBlziO8E7DxIX8\noAl/0Yh2SxOYOn67Yv0Joofv+Tl5ilVnKVky7ndRehjMlevs5r6cHFib0if4e/WQ\nP03rukbsgCGFDw43Bbs0fBhC1k80oPGNmA==\n-----END CERTIFICATE-----\n"
}
Getting Details of a Salesforce Connection
To get details of a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce get --id 5818ec3d-c5e9-4039-b911-efd45cb08f88
Example Response
{
    "id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-08-10T10:21:29.967822Z",
    "updatedAt": "2021-08-10T10:21:29.966606Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce-1",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
    "username": "xyz@gmail.com"
}
Updating a Salesforce Connection
To update a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce modify --id <Connection-Name/ID> --products <Products-Names> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret> --meta <Key:Values> --salesforce-hostname <salesforce-hostname> --audience <Audience>
Example Request 1
ksctl connectionmgmt salesforce modify --id 5818ec3d-c5e9-4039-b911-efd45cb08f88 --username abcd@gmail.com
Example Response
{
    "id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-08-10T10:21:29.967822Z",
    "updatedAt": "2021-08-10T10:25:06.228123698Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce-1",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
    "username": "abcd@gmail.com"
}
Example Request 2
ksctl connectionmgmt salesforce modify --id conn1 --salesforce-hostname ""
Example Response
{
    "id": "3c0b1b5a-457c-4fc6-b10e-1fec20c29bd1",
    "uri": "kylo:kylo:connectionmgmt:connections:conn1-3c0b1b5a-457c-4fc6-b10e-1fec20c29bd1",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2024-12-27T11:38:15.018069Z",
    "updatedAt": "2024-12-27T11:39:50.445207352Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "conn1",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "3MVG9c1ghSpUbLl_2HbT5XAlPgXdC.voJEM.D4jfqQipoLHa.8rtSEO9Zw6qX0MhVdK3V7LrASTjEmBIpQwkv",
    "hostname": ""
}
Example Request 3
ksctl connectionmgmt salesforce modify --name "salesforce-3" --audience "https://login.salesforce.com"
Example Response
{
    "id": "665f4161-04eb-4aaf-93b9-de99a46357a1",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce-3-665f4161-04eb-4aaf-93b9-de99a46357a1",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2025-05-19T11:26:11.324977Z",
    "updatedAt": "2025-05-19T11:29:09.135419317Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce-3",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "123456",
    "username": "xyz@gmail.com",
    "certificate": "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----\n",
    "certificate_subject": "CN=test21",
    "audience": "https://login.salesforce.com"
}
Deleting a Salesforce Connection
To delete a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce delete --id c4a11fc1-d226-4f19-8d03-5911198e89e5
Example Response
There will be no response if Salesforce connection is deleted successfully.
Getting List of Salesforce Connections
To list all the Salesforce connections, run:
Syntax
ksctl connectionmgmt salesforce list
Example Request
ksctl connectionmgmt salesforce list
Example Response
{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
            "uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-08-10T10:21:29.967822Z",
            "updatedAt": "2021-08-10T10:21:29.966606Z",
            "service": "salesforce",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "salesforce-1",
            "products": [
                "cckm"
            ],
            "cloud_name": "Salesforce Sandbox Cloud"
        }
    ]
}
Testing an Existing Salesforce Connection
To test an existing Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce test --id 5087c384-43aa-4750-951e-3a0f2b60d43b
Example Response
{
 "connection_ok": true,
}
Testing Parameters for a Salesforce Connection
To test parameters for a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce test --id <Connection-Name/ID> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret>
Example Request
ksctl connectionmgmt salesforce test --clientid 3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12 --secret BC0556E7A0B4C96E218EF91370C5B --username salesforce-1 --conn-password 123456 --cloudname "Salesforce Sandbox Cloud"
Example Response
    {
     "connection_ok": true,
    }