Files and Attachments

Note This page is about Shield Platform Encryption, not Classic Encryption. What's the difference?

This is particularly valuable for organizations handling sensitive documents, contracts, or confidential media, as it prevents unauthorized access to the raw file data even if the underlying database storage is compromised.

Despite encryption, users with appropriate access permissions can continue to view, download, and work with these files normally, as the decryption happens seamlessly for authorized users.

These kinds of files are encrypted when you enable file encryption:

• Files attached to email
• Files attached to feeds
• Files attached to records
• Images included in Rich Text Area fields
• Files on the Content, Libraries, and Files tabs (Salesforce Files, including file previews, and Salesforce CRM Content files)
• Files managed with Salesforce Files Sync and stored in Salesforce
• Files attached to Chatter posts, comments, and the sidebar
• Notes body text using the new Notes tool
• Files attached to Knowledge articles
• Quote PDFs

These file types and attachments aren’t encrypted:

• Chatter group photos
• Chatter profile photos
• Documents
• Notes previews in the new Notes tool
• Notes and Notes previews in the old Notes tool

Also, some small files (less than about 32K in size) may be stored within the database. If you have turned Database Encryption on, these small files will be encrypted. However, larger files and attachments are not stored inside the transactional database. You must use the Files and Attachments encryption feature to encrypt them.

It's important to note that enabling this setting encrypts new files and attachments; existing unencrypted files and attachments in your Salesforce org require a data sync process, typically initiated from the Encryption Statistics page, to apply the encryption to historical data.