salesforce-security-basics


Apply Salesforce security best practices for Connected Apps, OAuth, and field-level security. Use when securing API credentials, implementing least privilege access, or auditing Salesforce security configuration. Trigger with phrases like "salesforce security", "salesforce secrets", "secure salesforce", "salesforce connected app security", "salesforce FLS".


Skill Content

# Salesforce Security Basics

## Overview

Security best practices for Salesforce integrations: Connected App configuration, OAuth scope management, field-level security, and credential rotation.

## Prerequisites

- Salesforce org with System Administrator access
- Connected App created in Setup > App Manager
- Understanding of Salesforce security model (Profile, Permission Set, OWD)

## Instructions

### Step 1: Secure Connected App Configuration

```
Setup > App Manager > New Connected App:
1. Enable OAuth Settings
2. Callback URL: https://yourapp.com/oauth/callback (NOT localhost in prod)
3. Selected OAuth Scopes — USE MINIMUM REQUIRED:
   - "Manage user data via APIs (api)" — for REST/SOQL access
   - "Perform requests at any time (refresh_token, offline_access)" — for refresh tokens
   - DO NOT add "Full access (full)" unless absolutely necessary
4. Require Proof Key for Code Exchange (PKCE): Enable for public clients
5. Require Secret for Web Server Flow: Enable
6. IP Relaxation: "Enforce IP restrictions" (not "Relax IP restrictions")
```

### Step 2: Credential Storage

```bash
# .env (NEVER commit to git)
SF_LOGIN_URL=https://login.salesforce.com
SF_USERNAME=integration-user@yourcompany.com
SF_PASSWORD=<from-vault>
SF_SECURITY_TOKEN=<from-vault>
SF_CLIENT_ID=<connected-app-consumer-key>
SF_CLIENT_SECRET=<connected-app-consumer-secret>

# .gitignore — ALWAYS include
.env
.env.local
.env.*.local
# JWT private key (gitignore comments must start the line)
server.key
*.pem
*.key
```

### Step 3: Use a Dedicate...

Details

Author: jeremylongshore
Repository: jeremylongshore/claude-code-plugins-plus-skills
Created: 7 months ago
Last Updated: today
Language: Python
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category


salesforce-install-auth

Install and configure Salesforce SDK/CLI authentication with jsforce or Salesforce CLI. Use when setting up a new Salesforce integration, configuring OAuth flows, or initializing Salesforce connectivity in your project. Trigger with phrases like "install salesforce", "setup salesforce", "salesforce auth", "configure salesforce", "jsforce setup", "sf cli login".


salesforce-enterprise-rbac

Configure Salesforce Profiles, Permission Sets, and Sharing Rules for enterprise access control. Use when implementing role-based access, configuring SSO with Salesforce, or setting up organization-wide sharing defaults. Trigger with phrases like "salesforce permissions", "salesforce RBAC", "salesforce profiles", "salesforce SSO", "salesforce sharing rules", "salesforce OWD".


salesforce-data-handling

Implement Salesforce data privacy, GDPR/CCPA compliance, and field-level encryption patterns. Use when handling PII in Salesforce records, implementing data subject access requests, or configuring Salesforce Shield encryption. Trigger with phrases like "salesforce data privacy", "salesforce PII", "salesforce GDPR", "salesforce data retention", "salesforce encryption", "salesforce CCPA".


salesforce-deploy-integration

Deploy Salesforce-connected applications to Heroku, Vercel, and Cloud Run with proper credential management. Use when deploying Salesforce-powered applications to production, configuring platform-specific secrets, or setting up Heroku Connect. Trigger with phrases like "deploy salesforce app", "salesforce Heroku", "salesforce production deploy", "salesforce Cloud Run", "Heroku Connect".


webflow-security-basics

Apply Webflow API security best practices — token management, scope least privilege, OAuth 2.0 secret rotation, webhook signature verification, and audit logging. Use when securing API tokens, implementing least privilege access, or auditing Webflow security configuration. Trigger with phrases like "webflow security", "webflow secrets", "secure webflow", "webflow API key security", "webflow token rotation".
