          Standard and Custom Fields

          With Field Level Encryption (FLE), you choose the specific items that you want to protect with encryption. These items are encrypted with a data encryption key (DEK), a derived key composed in part with your tenant secret.

          Required Editions

          Available in both Lightning Experience and Salesforce Classic (not available in all orgs).
          Available in: Enterprise, Performance, Unlimited and Developer Editions. Requires purchasing Salesforce Shield or Shield Platform Encryption.
          Note: This page is about Shield Platform Encryption, not Classic Encryption. What's the difference?

          When data classification exercises identify sensitive information that requires more layers of key management control, you can use FLE, even if you’re also using Database Encryption. Key life cycle management, auditing, and analytics are often essential from a regulatory compliance and data privacy perspective. You can manage more of the key life cycle with FLE than with Database Encryption alone. Gather encryption statistics for proof of encryption during audit exercises, synchronize data with active keys, and bring your own keys for more granular control over key material.

          You can encrypt fields individually using FLE alone, or in conjunction with Database Encryption. When you use FLE while Database Encryption is on, standard and custom field encryption happens before database encryption.

          • Differences Between Probabilistic and Deterministic Encryption
            In Shield Platform Encryption, probabilistic encryption randomizes the ciphertext output each time the same plaintext is encrypted. This enhances security by making patterns harder to discern, but it also prevents filtering or exact-match searches on encrypted data. Conversely, deterministic encryption always produces the same ciphertext for a given plaintext. This allows for filtering, sorting, and equality comparisons on encrypted fields, but with a slight reduction in randomness compared to probabilistic encryption.
          • Which Standard Fields Can I Encrypt?
            With field-level encryption, you can encrypt certain fields that you select on standard and custom objects. With some exceptions, encrypted fields work normally throughout the Salesforce user interface, business processes, and APIs. If you use Database Encryption, all standard fields are encrypted.
          • Which Custom Fields Can I Encrypt?
            With field-level encryption (FLE), you can apply Shield Platform Encryption to the contents of certain custom field types. If you use Database Encryption, all custom fields are encrypted.
          • What Other Fields Can I Encrypt?
            In addition to standard and custom field data and files, Shield Platform Encryption supports encrypting fields in the Salesforce B2B Commerce managed package, and custom fields in installed managed packages.
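
The probabilistic versus deterministic trade-off described above, as an added example that is not Salesforce code and does not reproduce Shield's cipher or key derivation. It assumes a stand-in HMAC-based stream cipher and a constructed key and rows, and shows why an equality filter works only on deterministic ciphertext and what that costs: repeated values become visible.

```python
import hashlib
import hmac
import os

# Constructed demo key. In Shield the DEK is derived in part from the tenant secret.
DEK = hashlib.sha256(b"constructed-demo-tenant-secret").digest()

def _subkey(key, label):
    # Separate keys for IV derivation and for the keystream.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a stand-in cipher (illustration only, no integrity tag).
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, plaintext, deterministic):
    data = plaintext.encode()
    if deterministic:
        # IV is a keyed function of the plaintext: same input, same ciphertext.
        nonce = hmac.new(_subkey(key, b"iv"), data, hashlib.sha256).digest()[:16]
    else:
        # Fresh random IV: same input, different ciphertext every time.
        nonce = os.urandom(16)
    return nonce + _xor_stream(_subkey(key, b"enc"), nonce, data)

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return _xor_stream(_subkey(key, b"enc"), nonce, body).decode()

def equality_filter(key, stored, value, deterministic):
    # Filter on ciphertext only: encrypt the search term and compare bytes.
    probe = encrypt(key, value, deterministic)
    return [i for i, c in enumerate(stored) if hmac.compare_digest(c, probe)]

def demo():
    rows = ["alice@example.com", "bob@example.com", "alice@example.com"]  # constructed
    det = [encrypt(DEK, r, True) for r in rows]
    prob = [encrypt(DEK, r, False) for r in rows]
    return {
        "det_matches": equality_filter(DEK, det, rows[0], True),
        "prob_matches": equality_filter(DEK, prob, rows[0], False),
        "det_repeats_visible": det[0] == det[2],
        "prob_repeats_visible": prob[0] == prob[2],
        "roundtrip": [decrypt(DEK, c) for c in det + prob] == rows * 2,
    }
```
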
           