Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Which Custom Fields Can I Encrypt?

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Which Custom Fields Can I Encrypt?

            With field-level encryption (FLE), you can apply Shield Platform Encryption to the contents of certain custom field types. If you use Database Encryption, all custom fields are encrypted.

            Required Editions

            Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.
            Available in: Enterprise, Performance, and Unlimited Editions with the Salesforce Shield or Shield Platform Encryption licenses.
            Available for free in Developer Edition.
            Note
            Note This content relates to Shield Platform Encryption. Read about implementing field-level encryption using Shield Extension in Own from Salesforce.
            Note
            Note This page is about Shield Platform Encryption, not Classic Encryption. What's the difference?

            If you configure fields for encryption using FLE when Database Encryption is on, the field encryption happens first.

            The custom fields that you select that belong to one of these field types:

            • Email
            • Phone
            • Text
            • Text Area
            • Text Area (Long)
            • Text Area (Rich)
            • URL
            • Date
            • Date/Time
            Note
            Note To enable encryption on any custom object, you navigate directly to the object in Object Manager

            After a custom field is encrypted, you can’t change the field type. For custom phone and email fields, you also can’t change the field format.

            Important
            Important When you use FLE to encrypt the Name field, enhanced lookups are automatically enabled. Enhanced lookups improve the user’s experience by searching only through records that have been looked up recently, and not all existing records. Switching to enhanced lookups is a one-way change. You can’t go back to standard lookups, even if you disable encryption.

            You can’t use Schema Builder to create an encrypted custom field.

            To encrypt custom fields that have the Unique or External ID attribute, you can only use deterministic encryption.

            To support case-insensitive queries, Salesforce stores a lowercase duplicate of your data as a custom field in the database. These duplicates are necessary for case-insensitive queries, but they count against your total custom field count. For example, if you have 200 custom fields in your org, and you choose to encrypt one with case insensitive deterministic encryption, your custom field total is 201.

            Encrypting Custom Fields on Person Objects

            Because of the dependency relationship between Account and Contact when Person accounts are enabled, when you select a custom field on Contact for encryption, the corresponding custom field on Account is also encrypted.

            Unsupported Custom Fields

            Some custom fields can’t be encrypted.

            • Fields on external data objects
            • Fields that are used in an account contact relation
            • Fields with data translation enabled. While the field label itself is encrypted, the contents of translated fields aren't encrypted.
            • Rich Text Area fields on Knowledge Articles

            See Also

             
            Loading
            Salesforce Help | Article