> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quick Reference

> Concise summary of prerequisites and high-level steps for Salesforce BYOK deployment.

This section offers a quick reference to key prerequisites and high-level implementation steps.

## Pre-implementation

* Attain required permissions on Salesforce for the account that will be performing the integration
  * Manage Encryption Keys
  * Manage Certificates
  * Customize Application
* Admin privileges on the HSM
* Check if OpenSSL is installed on device

<CodeblockTabs indent="3">
  ```shell expandable lines wrap title="Shell" theme={null}
  openssl version
  ```
</CodeblockTabs>

* Install dependencies
  * Python 3.x

## Implementation

<Note>
  You can complete most tasks in this section by using either Excrypt Manager or FXCLI. The exception is the second option of task 7 (Create connection certificates for mutual authentication), for which you must use FXCLI.

  You can optionally complete steps 4 through 6 by using the Guardian Series 3 (see the applicable guide for configuring HSMs for PKCS #11 integrations by using the Guardian Series 3).
</Note>

<Note>
  If you use a virtual HSM for the integration, you must connect to it over the network through FXCLI, the Excrypt Touch, or the Guardian Series 3.
</Note>

* Install Futurex PKCS #11 module (**FXPKCS11**)
* Install Futurex Command Line Interface (**FXCLI**)
* Configure Vectera
  * Connect to the HSM with a USB to enable Excrypt Manager or FXCLI
  * Confirm Command Primary Mode is **General Purpose (GP)**, and **PKCS #11** feature is enabled
  * Configure HSM's network
  * Load FTK , PMK and BEK major keys
  * Configure the transaction processing connection
  * Create a new application partition for the integration
  * Create a new identity and give it access to the newly created application partition
  * Configure TLS with either server-side or mutual authentication
* Create & download Salesforce certificate and upload Salesforce public key to HSM
* Upload AES-256 key to HSM and generate hashed & encrypted tenant secrets
* Upload hashed and encrypted tenant secret files to Salesforce

## Post-implementation
