Loading
Upcoming Mandatory Changes to Public Key Infrastructure (PKI)Read More
Salesforce Enforces New Security Requirements in Summer 2026Read More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

          Search all of Salesforce Help
          What You Can Encrypt

          What You Can Encrypt

          Shield Platform Encryption provides key management and encryption options that help you meet compliance and regulatory requirements. It also adds extra protection to data stored at rest. You can opt for Database Encryption that encrypts most data within your transactional database. For more targeted protection and granular key management control, use apply field-level encryption (FLE) to individual standard and custom fields.

          Required Editions

          Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.
          Available in: Enterprise, Performance, and Unlimited Editions with the Salesforce Shield or Shield Platform Encryption licenses.
          Available for free in Developer Edition.
          Note
          Note This content relates to Shield Platform Encryption. Read about implementing field-level encryption using Shield Extension in Own from Salesforce.

          Beyond database and field-level encryption, you can also encrypt specific types of data and specialized data stores.

          • Chatter data
          • CRM Analytics datasets
          • Custom fields in installed managed packages that support Shield Platform Encryption
          • Data 360 data stores, including its vector-based search indexes
          • Event Bus data
          • Files and attachments
          • Fields in the Salesforce B2B Commerce managed package
          • Salesforce search indexes (supports keyword searches, separate from Data 360)

          Each encryption feature offers and layered defense mechanisms tailored to each types of sensitive data within your Salesforce environment. Shield Platform Encryption uses different keys for each type of data and data store.

          • Database Encryption
            Database Encryption is available to all Hyperforce customers with a Shield or Shield Platform Encryption license. You can encrypt most of your data without impeding filtering, sorting, or impeding the many Salesforce features that rely on sorting and filtering. Because most of your data is encrypted by default with a tenant-specific key, Database Encryption helps you meet your compliance and regulatory requirements with minimal effort.
          • Standard and Custom Fields
            With Field Level Encryption (FLE), you choose the specific items that you want to protect with encryption. These items are encrypted with a data encryption key (DEK), a derived key composed in part with your tenant secret.
          • Search Indexes
            Except for Data 360, Salesforce products use traditional keyword indexing and store these keywords at rest in search index files. When you turn on search index encryption, sensitive data, even when tokenized for search, remains unreadable to unauthorized parties if the indexes are compromised.
          • Data 360 Data Stores
            Platform Encryption for Data 360 encrypts all Data 360 data at rest, providing greater control and visibility over the keys that protect sensitive data. Platform Encryption for Data 360 also supports Marketing Cloud Next and Tableau Next wherever they use Data 360.
          • Files and Attachments
            Salesforce Shield Platform Encryption extends its data-at-rest protection to include Files and Attachments, ensuring that the content of documents, images, and other files uploaded to Salesforce remains encrypted. When this feature is enabled, the body of each new file or attachment is encrypted as it's uploaded to the platform, using a data encryption key based on your tenant secret.
          • Event Bus Data
            Protect event messages and Change Data Capture (CDC) events at rest. The event bus may store event and CDC data in temporary files as it flows through integrations and real-time processes. Turning on Event Bus Data encryption ensures that event bus data in these temporary storage locations is fully encrypted.
          • Chatter Data
            Provide an additional layer of security for the collaborative discussions and information shared within Chatter. Encrypt data at rest in Chatter feed posts and comments, questions and answers, link names and URLs, poll questions and choices, and content from your custom rich publisher apps.
          • CRM Analytics Data
            Your reports and dashboards may contain confidential business insights, personally identifiable information, or other sensitive data. With Shield Platform Encryption, you can encrypt your CRM Analytics datasets at rest, maintaining compliance and enhancing your data security.
           
          Loading
          Salesforce Help | Article