We are developing a number of proprietary AI agent products and require a secure method to deliver prompt content into Salesforce without exposing the actual prompt text.
This project involves building a lightweight external API that returns AES-256 encrypted prompts, along with supporting logic to decrypt these inside Salesforce (Apex) at runtime.
Deliverables
1. Encrypted Prompt API
   - REST endpoint (e.g. /prompt?id=agent_name)
   - Returns AES-256 encrypted prompt string
   - Uses API key/token to authenticate requests
   - Hosted on Heroku
2. Encryption Utility
   - CLI script (Node.js or Python) to encrypt new prompt strings using a shared key
   - Prompts can be stored in a JSON file or lightweight data store
3. Salesforce Integration Demo
   - Apex-compatible AES decryption function
   - Example Apex callout to the API with decryption logic
   - Key should be stored securely using Named Credentials or Encrypted Custom Settings
4. Documentation
   - Instructions for API deployment
   - How to encrypt new prompt strings
   - How to call and decrypt within Salesforce
5. Security Requirements
   - Prompt strings must never be transmitted or stored as plaintext
   - AES-256 encryption with CBC or GCM mode
   - Secure API access via token or key
   - Key must not be hardcoded in Apex
6. Tech Stack Preferences
   - API in Node.js
   - Salesforce integration using Apex
Bonus if you have experience with Salesforce integrations and encryption libraries
_____
API Specification
Endpoint: GET /prompt?id={agent_id}
Apex Decryption Class
- The IV can either be sent separately or prepended to the encrypted string
- The key should be securely stored in Salesforce (e.g., Named Credential or Encrypted Custom Setting)
- The API must ensure the ciphertext is formatted to be compatible with Salesforce’s Crypto.decrypt() function
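
An added example, not part of the original brief: Node.js code for the prepended-IV payload described in the specification above, using AES-256-CBC because Apex's built-in AES algorithms are CBC with PKCS7 padding. The function names are hypothetical; on the Salesforce side this layout matches Crypto.decryptWithManagedIV, while Crypto.decrypt takes the IV as a separate argument.

```javascript
// Added example: base64(IV || ciphertext) wire format for Apex-side decryption.
// encryptPrompt / decryptPrompt are hypothetical names, not from the brief.
const crypto = require('crypto');

const IV_LEN = 16; // AES block size; Apex expects a 128-bit IV

function checkKey(key) {
  if (!Buffer.isBuffer(key) || key.length !== 32) {
    throw new Error('key must be a 32-byte Buffer (AES-256)');
  }
}

// Encrypt a prompt with a fresh random IV and prepend the IV to the ciphertext.
function encryptPrompt(plaintext, key) {
  checkKey(key);
  const iv = crypto.randomBytes(IV_LEN); // never reuse an IV under the same key
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, ct]).toString('base64');
}

// Mirror of what the Apex side does: first 16 bytes are the IV, the rest is
// CBC ciphertext with PKCS7 padding. Useful for testing the API output
// before wiring up the Salesforce callout.
function decryptPrompt(payloadB64, key) {
  checkKey(key);
  const raw = Buffer.from(payloadB64, 'base64');
  // Need the IV plus at least one full ciphertext block, block-aligned.
  if (raw.length < 2 * IV_LEN || raw.length % IV_LEN !== 0) {
    throw new Error('malformed payload');
  }
  const iv = raw.subarray(0, IV_LEN);
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
  const pt = Buffer.concat([decipher.update(raw.subarray(IV_LEN)), decipher.final()]);
  return pt.toString('utf8');
}
```

CBC provides confidentiality only, so the payload carries no integrity check; transport over TLS and the API token remain the controls against tampering in this design.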