Package Installation Key Management

Updated 1 month ago by Copado Solutions

Installation Keys is a feature of SFDX Packages that gives you a level of control over who can and cannot install your package. Usually, the key is provided as a parameter during the package version creation and you need to keep track of the keys for each package version in a separate table. However, you might want to update the keys at a later moment, after the package version was created or after you have imported your packages into Copado using the CLI. Also, you may not want to maintain a table in an external system for each package version you create.

Because of this, Copado offers an option to set and update your package installation key through the UI and storing those keys in a secure location on your Salesforce org. If you want to set or change the installation key in a package version that already has been created or imported to Copado, follow these steps:

Required Permissions:

  • Package Object and Field access, e.g., assign Copado User permission set)
  • Copado Job Engine & Functions, e.g., assign the Copado Functions and Copado Job Engine permission sets. 
  • Manage Package Keys custom permission, e.g., assign the CMC SFDX Admin permission set. 
  1. In the AppLauncher, navigate to the Package tab and select the package in which you want to change the installation key. 
  2. In the upper-right corner of the page, click on the Update Installation Key button. 
To have access to this button, you need to have enabled the Manage Package Keys custom permission. 
  1. Click on Edit
  2. Provide the new installation key and click on Save. A toast message in green color will appear indicating that the 'Job Started. Please refresh the page.' In the background, a job that launches a function is executed to update the installation key. 
  3. When the job finishes the installation key is updated. To review it, refresh the page and then click again on the Update Installation Key button. 
If a key has been previously set, Copado displays it in clear text so that you can review and verify your key. However, only users with the Manage Package Keys permission can access this view so that you can provide access to users who need it and limit visibility to all others.

How did we do?