Introduction
Salesforce Classic Encryption for Custom Fields provides a robust solution for organizations that require enhanced data security, allowing users to encrypt custom text fields and control access to sensitive information. In this blog post, we will delve into the implementation details, restrictions, and best practices associated with Salesforce Classic Encryption for Custom Fields.
Implementation Notes
- Classic Encryption is provided with any Salesforce license at no additional cost
- Classic Encryption is the use of the encrypted text fields Text (Encrypted)
- A custom encrypted text field comprises a combination of letters and numbers presented in encrypted form
- Only users holding the “View Encrypted Data” permission can access data within encrypted custom text fields
- Text entered into encrypted fields undergoes encryption using 128-bit master keys and the Advanced Encryption Standard (AES) algorithm
- Encrypted fields can be utilized in email templates, but the displayed value is always masked
- Granting login access to another user, along with possessing the “View Encrypted Data” permission, enables viewing encrypted fields in plain text
- Only users with the “View Encrypted Data” permission can duplicate the value of an encrypted field when cloning a record
- The <apex:outputField> component is the sole supporter for presenting encrypted fields in Visualforce pages
- Due to the encryption algorithm, encrypted fields are restricted to 175 characters
- Encrypted fields cannot be designated as unique, assigned an external ID, or endowed with default values
- They are not applicable for use in filters such as list views, reports, rollup summary fields, and rules filters
- Encrypted fields cannot be utilized in Connect Offline, Salesforce for Outlook, lead conversion, workflow rule criteria, formula fields, outbound messages, default values, and web-to-lead and Web-to-Case forms.
- While not searchable, encrypted fields can be included in search results.
Best Practices
- Field Editing and Validation:
- Encrypted fields are editable regardless of View Encrypted Data permission. Use validation rules, field-level security settings, or page layout settings to control edits.
- Validation Rules and Apex:
- Validation rules and Apex can be used to validate encrypted field values, regardless of the user’s View Encrypted Data permission.
- Debug Log Viewing:
- To view encrypted data unmasked in the debug log, users must have View Encrypted Data in the service that Apex requests originate from.
- Field Conversion and Mask Type:
- Existing custom fields cannot be converted into encrypted fields. To encrypt existing data, export it, create an encrypted field, and import the data.
- Mask Type is not an input mask but can be validated using validation rules.
- Regulatory Compliance:
- Use encrypted custom fields only when government regulations require it, as they involve more processing and have search-related limitations.
Watch the video below to create encrypted custom text fields and learn how to assign access permissions!
Conclusion
Salesforce Classic Encryption for Custom Fields offers a powerful solution for securing sensitive information within the platform. By understanding the implementation details, restrictions, and best practices, organizations can make informed decisions to enhance data security and compliance with regulatory requirements. As technology evolves, staying informed about such features becomes crucial for maintaining a secure and efficient Salesforce environment.
References
https://help.salesforce.com/s/articleView?id=sf.fields_about_encrypted_fields.htm&type=5
About the blog
SFDCLessons is a blog where you can find various Salesforce tutorials and tips that we have written to help beginners and experienced developers alike. we also share my experience and knowledge on Salesforce best practices, troubleshooting, and optimization. Don’t forget to follow us on:
Newsletter
Subscribe to our email newsletter to be notified when a new post is published.
