Field Limits with Shield Platform Encryption
It’s good practice to use validation rules to enforce these field limits. In addition, because encrypted content is often longer than its ciphertext, encrypting a field can impose further limits on the values that you store in that field. Therefore, test your field limits in longer fields, such as Address and Subject, and on any encrypted field that contains non-ASCII values such as Chinese, Japanese, or Korean-encoded data.
Required Editions
| Available in both Salesforce Classic (not available in all orgs) and Lightning Experience. |
| Available in: Enterprise, Performance, and Unlimited Editions with the Salesforce Shield or Shield Platform Encryption licenses. |
| Available for free in Developer Edition. |
This table is a reference for the field limits for each field listed when Shield Platform Encryption is used.
- BYTE Length
- Maximum length of the field in bytes.
- ASCII
- Maximum number of ASCII characters the field can contain.
- Non-ASCII
- Maximum number of non-ASCII characters, such as Chinese, Japanese, or Korean, that this field can contain.
| Max Size | Bytes | ASCII | Non-ASCII |
|---|---|---|---|
| Assistant Name (Contact) | 120 | 40 | 22 |
| Address (To, CC, BCC on Email Message) (when encrypted with probabilistic or case-sensitive deterministic encryption) | 4000 | 2959 | 1333 |
| City (Account, Contact, Lead) | 120 | 40 | 22 |
| Email (Contact, Lead) | 240 | 80 | 70 |
| Fax (Account) | 120 | 40 | 22 |
| First Name (Account, Contact, Lead) | 120 | 40 | 22 |
| Last Name (Contact, Lead) | 240 | 80 | 70 |
| Middle Name (Account, Contact, Lead) | 120 | 40 | 22 |
| Name (Custom Object) | 240 | 80 | 70 |
| Name (Opportunity) | 360 | 120 | 110 |
| Phone (Account, Contact) | 120 | 40 | 22 |
| Site (Account) | 240 | 80 | 70 |
| Subject (Email Message)(when encrypted with probabilistic or case-sensitive deterministic encryption) | 3000 | 2207 | 1000 |
| Title (Contact, Lead) | 384 | 128 | 126 |
Reported API Lengths of Encrypted Fields
To query the length of a field using Apex, you can use the Schema.DescribeFieldResult class, which provides
metadata information about a field. The getByteLength() and
getLength() methods return the original length defined for the field
before encryption, not the actual length of either the encrypted data or its plaintext.
For example, suppose you have an email address field defined with a length of 99 bytes. A
user stores the value aaa@aaa.aaa, When encrypted, the field contains
txagearxhoxcrypabef’. These values are both shorter than 99 bytes.
Querying the length of this field with DescribeFieldResult.getByteLength()
returns 99.
Email Message Fields and Case-Insensitive Encryption
To encrypt Address and Subject fields on the Email Message object with case-insensitive deterministic encryption, apply the scheme before you enter data into these fields. If existing data in these fields exceeds the following limits, that data isn’t encrypted with case-insensitive deterministic encryption.
- API length: 527
- Byte length: 765
- Non-ASCII characters: 262
Case Comment Object
The Body field on the Case Comment object has a limit of 4,000 ASCII characters (or 4,000 bytes). However, when the Body field is encrypted, the character limit is lower. How much lower depends on the kind of characters you enter.
- ASCII: 2959
- Chinese, Japanese, Korean: 1333
- Other non-ASCII: 1479
