Appearance
Skip to content
Manage API keys, endpoints and environment variables across Production, Sandboxes and Scratch Orgs, securely
Salesforce Configuration Management, Done Properly
Command Center
Import Config Export Config
Configuration ManagementEnvironment ManagementEnvironment Group Management
Select Environment
Edit Delete
Configuration: Document Storage
Environment Groups (1)
Development Sandboxes 2 environments
Production (1)
Production
Sandboxes (3)
SIT
Staging
UAT
Document Storage – Production2 environments
Configure values for each field
Edit Delete
Bucket Name
Type: Text
Access Key ID
Type: Text
Region
Type: Text
The reality
Configuration management in Salesforce is harder than it should be
Config scattered everywhere
Values live in Custom Settings, Custom Metadata, Apex classes, and spreadsheets. There is no single place to see or manage what your orgs actually use.
Secrets hardcoded in source code
API keys, passwords, and tokens stored directly in code. Anyone with repository access can see them. Changing a single value requires a full deployment.
Manual copying between orgs
Every sandbox refresh or new scratch org means someone re-enters API keys, endpoints, and feature flags by hand. It is slow, error-prone, and never documented.
No secure way to move config
Moving values between orgs means spreadsheets, data loader, or copy-paste. Nothing is encrypted. Nothing is auditable.
Environments drift apart
Sandboxes fall out of sync with production. Scratch orgs start empty. After a few weeks, nobody knows which environment has the right values.
Wrong values hit production
A test URL reaches production. A stale API key survives a sandbox refresh. These mistakes happen when there is no separation between environment-specific values.
Most approaches to configuration in Salesforce are workarounds, not a real solution.
What Veles does
Take control of your Salesforce configuration
Typed config entries
Create named config entries with typed fields: Text, Long Text, Number, Boolean, Date, and Datetime. Every field is validated automatically, so your team always knows exactly what each entry expects.
Different values per environment
Assign different values to Production, each Sandbox, and each Scratch Org. Veles detects the current environment automatically and always returns the correct value.
Environment Groups
Group environments that share the same configuration. Define values once at the group level and override at the environment level when needed.
One interface, all environments
All configurations in one place. Select any configuration, pick an environment, and see the values instantly. No switching tabs, no guessing, no jumping between Setup pages.
Full environment inventory
See every environment your team works with. Add new environments, assign them to groups, and track which values are set.
Flexible export options
Choose exactly which configurations to export. Pick individual entries or export everything at once, always encrypted.
Developer API
One line of Apex. The right value. Every time.
veles-apex
btcveles.VelesConfig.forConfig('Mulesoft').getText('API Key');
Typed Apex methods for every data type: Text, Number, Boolean, Date, Datetime
Flow invocable actions for no-code access
Built-in caching so config values are queried once per request
Security & Architecture
Built the Salesforce way
100% on-platform, no external servers, no external data storage
No external calls. Your data never leaves Salesforce
Locked-down sharing, private by default
Protected custom settings for sensitive values
Safe queries, no injection risk
Distributed as a managed package
Admin-only access via dedicated permission set
AES-256 encryption for export and import
Why not just use Custom Metadata or Custom Settings?
Custom Metadata and Custom Settings were not designed to manage environment-specific configuration at scale.
| Capability | Custom Metadata | Custom Settings | Veles |
|---|---|---|---|
| Encrypted export | ✕ | ✕ | ✓ |
| Environment grouping | ✕ | ✕ | ✓ |
| Central UI for config management | ✕ | ✕ | ✓ |
| Flow integration | ✓ | ✕ | ✓ |
| Typed Apex methods | ✕ | ✕ | ✓ |
| Secure migration between orgs | ✕ | ✕ | ✓ |
| Built-in access control | ✕ | ✕ | ✓ |
Building it in-house vs using Veles
If you build this internally, your team owns the encryption, permissions, documentation, and long-term maintenance. Every hour spent building config tooling is an hour not spent on business features.
| Aspect | In-house build | Veles |
|---|---|---|
| Time to build | Weeks to months | Install and configure in hours |
| Security implementation | You design and maintain it | Built-in encryption, private OWD, admin-only access |
| Encryption handling | You build encryption from scratch | AES-256 encryption, built-in and ready |
| Maintenance cost | Ongoing dev time for every change | Managed package, automatic upgrades |
| Upgrade responsibility | Your team handles Salesforce API changes | Package maintainer handles compatibility |
| Documentation | You write and maintain it | Provided and kept up to date |
| Access control | You design permission structure | Permission set, locked-down sharing, admin-only |
| Stays on Salesforce | Depends on your architecture | 100% native, zero external dependencies |
Use cases
Where Veles makes the biggest difference
Integration-heavy organizations
Managing API keys, endpoints, and tokens for Mulesoft, Stripe, Twilio, and other services. One central place for all integration config, with the right value served per environment automatically.
Multi-sandbox development teams
Ten developers, ten sandboxes, one source of truth. Group orgs by purpose, define shared defaults at the group level, and let individual environments override only what's different.
Regulated industries
Financial services, healthcare, and government teams that need encrypted config transfer between orgs, controlled access to sensitive values, and full audit trails.
Salesforce admins
Moving config between orgs during releases without spreadsheets or manual re-entry. Export an encrypted package from one org, import it into another, with automatic rollback if anything fails.
AppExchange partners (ISVs)
ISVs managing configuration across development, packaging, and subscriber orgs. Keep your package config organized from dev through to customer delivery.
What Veles Is Not
- Veles is not an external secrets vault.
- Veles is not a CI/CD platform.
- Veles is not a DevOps orchestration tool.
- Veles does not store data outside Salesforce.
Veles is a Salesforce-native tool built for one job: managing your org configuration.
FAQ
Common questions
Yes. Veles runs 100% on Salesforce. No external servers, no outside calls, no external storage. Sharing is locked down by default, sensitive values are stored in protected settings, all queries are safe from injection, and exports are encrypted with AES-256.
No. Veles is a managed package that runs entirely on Salesforce. No external servers, no middleware, no outside storage. Everything stays within your org.
Veles is designed to be lightweight. Configuration lookups are optimized and cached. In typical usage, the impact on governor limits is negligible.
Yes. You export a configuration with a password and Veles encrypts it with AES-256. Then you import the encrypted file into the target org. If anything goes wrong during import, all changes are rolled back automatically.
Yes. Veles is built for teams with many environments and integrations. Environment groups, typed config entries, and permission-based access are designed for large Salesforce setups.
Custom Metadata does not support environment-specific values, encrypted export, environment grouping, or a central management UI. Veles provides all of these, plus typed Apex methods and Flow actions, in a single managed package.