An illustration of profile aware file encryption feature in Salesforce

Well, the best solution to have your data encrypted at rest is procuring Salesforce’s Shield Encryption offering. But, what if, you want to proceed with Salesforce classic encryption features and bridge some of the gap with customization to fulfill your needs?

One such need that arose, while working for a recent client is to develop some homegrown solution to encrypt a file while uploading it into Salesforce and decrypting it while downloading. And then linking this action to a few of selected profiles.

In our case, Apex Crypto class has been used to encrypt and decrypt an input file using AES 256 algorithm. An external private key has been used for encryption, but you can generate your own key using Crypto.generateAESKey(Integer size)  as mentioned in the Using the Apex Crypto Class link.

Note: Please take a conscious and judicious decision based on your specific data security requirements as to which salesforce solution will best fit for you. Worth a look at the following features comparison between classic and shield encryption.

The sample codes and usage details can be downloaded from my Github repo here.


On the conversion of a ​Visualforce page to Lightning Components

If I’m not mistaken, I read about this first time in one of Topalovich’s blog. And it appeared to be a daunting task. With the time I have been trying to build up a process which would help us to automate this task to a great extent.

Before we progress further be informed that, there is no such magic wand which could convert a Visualforce (VF) page to the corresponding Lightning component bundles, with all the functionalities ported. But it’s definitely possible to convert most of the features provided in a Visualforce page, which would in a way help you to reduce the conversion time by many folds.

In our case, the algorithm being developed is still evolving, but the majority of the approaches have been developed and tested fine. We wanted to have something which could convert a VF page into its lightning peer in a click of a button.

There are some other resources worthy of exploring on this topic, especially the ones provided by Salesforce:

1. Documentation: Kick Off the Lightning Experience Readiness Check

2. Making Visualforce work in Lightning


Following are the steps we followed at a high level to convert a Visualforce page into its lightning peers.

1. Take Visualforce page name as an input to convert

2. Fetch the body of the VF page

3. Search over the content of the VF page to find all the custom Visualforce components defined within it

4. Fetch the markup content of the innermost VFC (or the page, in case no custom component is present) and start converting each VF tags into its compatible lighting tags

5. Create a lightning component bundle based on the mapped body of the VF component done above

6. Fetch the body of the controller(s) class mentioned in the  VF Component

7. Convert fetched controller(s) content into aura enabled lightning apex controllers (create a separate apex class for each inner class present in the apex controller body)

8. Create a lightning component consolidating all the styles present in the VF page

9. Repeat the above steps until you convert the parent VF page

Challenges Faced

During the conversion process we have faced many challenges, the following ones worth a mention:

  1. Comments in VF page needs to be escaped, to render the corresponding lightning component properly
  2. Timeout error while creating a large Lightning Apex controller file using tooling API and Apex Symbol tables
  3. Timeout error while creating the Lightning Component bundle using tooling API

Open Areas

There are still a few open areas which call for involved efforts to get addressed like:

  1. VF Global actions are not convertible into corresponding lightning components
  2. If a map is used in the VF page, it’s not convertible into suitable lightning snippets
  3. If external javascript libraries are used in the VF page, suitable conversion methods not implemented yet
  4. All the formulas used in VF page expressions are not fully supported in Lightning

All in all, this was a very bumpy ride but was worth an experience.

Unit Test Class Generator for Salesforce Apex Class and Triggers

We all know the importance of writing Unit Test Codes for Salesforce applications. We are aware of the pain points as well. This blog is all about making it a bit painless and intuitive from a Developer’s perspective.

Here, I have tried to automate writing the unit test classes for Salesforce Apex class as well as for a Trigger. I have taken the sample Apex and Trigger codes from Salesforce Trailhead module to generate their Unit Test Classes.

Please note that the current implementation is in very naive form, far from being production ready. But the approach provided here can be adapted for generating Unit test class for a complex Apex class or Trigger, provided you modify it to render the supporting input JSON file to describe your test cases and test data and define a supporting Visualforce Component.

I did not want to clutter the Salesforce Org for generating unit test classes, so I personally like to run the code from CLI, but feel free to choose the route that will suit you the best.

The codes and usage details can be downloaded from my Github repo here.

SSH up Bitbucket Repo with TortoiseGit and OpenSSH in Windows

Recently I had to set up a private Bitbucket repo with SSH for one of our internal projects. I have already done the same in the past, so when I got bumped up with nagging “Error: Permission denied (public key)”, I had to revisit and rework all the steps all over again to make things straight. This blog is all about the step by step processes I followed to fix things up for read-write repo access.

Following are the two mostly adopted procedures for establishing SSH connection with Bitbucket repositories in Windows:

  • OpenSSH
  • TortoiseGit client

Before you proceed further please ensure that you have already installed the following applications on your system:

  1. Git for windows with Git Bash
  2. TortoiseGit Client
  3. OpenSSH


     Create a new SSH key:

  1. Check for “GIT_SSH” environment variable (Computer -> Properties -> Advanced System Settings -> Environment Variables…) and remove it if found.
  2. Open “Git Bash” from Start menu
  3. Run the command ssh-keygen -t rsa -C “”  This will create a new SSH key, using the provided email as a label.
  4. When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location (.ssh folder within your HOME directory)
  5. At the prompt, type a secure passphrase or just press Enter and Re-Enter to continue.
  6. This will create 2 SSH keys in your .ssh folder within your default HOME directory. One private key with the default name id_rsa  and the other one as public key with name will be created for you You can change the names of these keys, but in that case, you have to pass the complete path of the file at step 4 mentioned above.
  7. Copy your public key and add it as a SSH keys under your Bitbucket Settings (Right click on your bitbucket Avatar to get it)

Bitbucket Settings

8. Next, add the following items to your ~/.ssh/config file to specify what identity to use for what host (create this file in case it is not already created)

 ForwardAgent yes
 IdentityFile ~/.ssh/id_rsa  

Note that there is a space before all 3 lines added above and blank line after Host is not required.

9. Save your config file

 Adding your private SSH key to the ssh-agent

1. Open Git Bash  and run the following command to ensure that the ssh-agent is running on your system:

$ eval $(ssh-agent -s)
It should something like “Agent pid 13152” if the agent is running.

2. Add your SSH private key to the ssh-agent by running the below-given command. Replace id_rsa with the name of your private key file in case you have saved it with a different name.

$ ssh-add ~/.ssh/id_rsa

 Check your connection:

  1. Run Git Bash, and enter the command: ssh replacing accountname with your own bitbucket account name.You should encounter a message like this:
    The authenticity of host ‘ (’ can’t be established.
    RSA key fingerprint is SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A.
    Are you sure you want to continue connecting (yes/no)?
  2. Enter yesYou should see a success message similar to the one given below:
    Warning: Permanently added ‘,’ (RSA) to the list of known hosts.
    PTY allocation request failed on channel 0
    logged in as accountname.
    You can use git or hg to connect to Bitbucket. Shell access is disabled.
    Connection to closed.

TortoiseGit Client

     Check your TortoiseGit installation (in my case it is v2.5.0.0):

      Ensure that your TortoiseGit installation installs the following additional tools     looking at the bin folder within the installation directory:




     Add GIT_SSH variable to the environment: 

After TortoiseGit client installation is done, add GIT_SSH variable to your system environment in case it is not added already. This variable should point to the         TortoiseGitPlink.exe.  In my case it was like:

GIT_SSH=C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe

     Generate SSH keys with PuTTygen

Run PuTTygen.exe, to generate a SSH-2 RSA public/private keypair. Once generated, save the public and private keys to a folder of your preference. Copy the generated public key and paste it into SSH Keys in your Bitbucket Settings like we did for OpenSSH.
Please note that when you generate a key with PuTTygen, the public key that you copy from PuTTygen and the public key you save to a file are not in the exact same format.


     Add your private key to Pageant

Run Pageant from Start menu. You will see a small icon in your system tray, which indicates Pageant is started. Click on the Pageant icon from your system tray and click “Add Keys” (alternatively right click on the icon and add keys) . Select and add the private key that was generated by PuTTygen in the previous step. The private key should have extension .ppk. After you add the SSH key, you should see it in Pageant key list.


     Check your connection

1.  Create a new folder which will complement your bitbucket repo.

2.  Right-click on the folder and select the item as shown below:


3. Click OK without checking the check box

Create a Repo

4. Click OK

Repo Initialized

5. Right Click on the folder again and select TortoiseGit -> Settings  as shown below:

Go to Settings

6. Click OK


7. You should see the Git tab as shown below:

Git tab.png

 8. Click on Remote at the left pane and fill URL and Push URL fields with your SSH bitbucket repo path (e.g.  Remote field should be populated with origin by default. Select your previously generated private key in your Putty Key field.

Click Add New/Save.


9. Select Yes to fetch files from bitbucket remote you have just added:


10. Click OK


11. In case of successful connection you should see a dialog as shown below:

Click Yes.

Key Caching

12. In case of successful fetch you should see a dialog as shown below:


Note: Organizations that use SAML single sign-on (SSO) cannot be accessed with SSH. To access repositories in organizations that use SAML SSO, use an authorized personal access token instead of the password with HTTPS.

In case you want to establish only read access to the Bitbucket repo, please add your SSH public key into Access keys of your individual repo Settings instead of adding through your Bitbucket settings. Using this deployment key you will be able to fetch & pull changes from your repository but you won’t be able to push any of your changes back in the repo.