Newer Version Available

This content describes an older version of this product. View Latest

Which Fields Can I Encrypt?

You can encrypt certain fields on standard objects, on custom objects, and in Chatter. When Shield Platform Encryption is on, users with the “View Encrypted Data” permission can see the contents of encrypted fields, but users without that permission see only masked values.
Available as add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield. Available in Developer Edition at no charge for organizations created in Summer ’15 and later.
Available in both Salesforce Classic and Lightning Experience.

Beginning with Spring ’17, Shield Platform Encryption no longer masks encrypted data. This may affect some users’ ability to work with encrypted data. If you have data you don’t want specific users to see, revisit their field-level security settings, record access settings, and object permissions.

Note

In either case, encrypted fields work normally throughout the Salesforce user interface, business processes, and APIs. (There are some exceptions; for example, encrypted fields can’t be filtered.)

When you encrypt a field, existing values aren't encrypted immediately. Values are encrypted only after they are touched. Contact Salesforce for help encrypting existing data.

Encrypted Standard Fields

You can encrypt the contents of these standard field types on the Account, Contact, Case, and Case Comment objects..

  • On the Account (Business) object:
    • Account Name
    • Description
    • Fax
    • Website
    • Phone
  • On the Account (Person) object:
    • Name (Encrypts First Name, Middle Name, and Last Name)
    • Mailing City
  • On the Contact object:
    • Description
    • Email
    • Fax
    • Home Phone
    • Mailing Address (Encrypts only Mailing Street and Mailing City)
    • Mobile
    • Name (Encrypts First Name, Middle Name, and Last Name)
    • Other Phone
    • Phone
  • On the Case object:
    • Subject
    • Description
  • On Case Comments:
    • Body (including Internal Comments)
  • In the Chatter feed:
    • Feed Comment—Body
    • Feed Item—Body
    • Feed Item—Title
    • Feed Revision—Value

    These fields include feed posts, questions and answers, link names, comments, and poll questions. They don’t encrypt poll choices.

    The revision history of encrypted Chatter fields is also encrypted. If you edit or update an encrypted Chatter field, the old information remains encrypted.

    Enabling Encryption for Chatter encrypts all eligible Chatter fields. You can’t choose to encrypt only certain Chatter fields.

    Note

Encrypted Custom Fields

You can encrypt the contents of fields that belong to one these custom field types, on either standard or custom objects.
  • Email
  • Phone
  • Text
  • Text Area
  • Text Area (Long)
  • URL
  • Date
  • Date/Time

After a custom field is encrypted, you can’t change the field type. For custom phone and email fields, you also can’t change the field format.

When you encrypt the Name field, enhanced lookups are automatically enabled. Enhanced lookups improve the user’s experience by searching only through records that have been looked up recently, and not all existing records. Switching to enhanced lookups is a one-way change. You can’t go back to standard lookups, even if you disable encryption.

Important

You can’t use Schema Builder to create an encrypted custom field.

Some custom fields can’t be encrypted:

  • Fields that have the Unique or External ID attributes or include these attributes on previously encrypted custom fields
  • Fields on external data objects
  • Fields that are used in an account contact relation

On a custom object, the standard Name field can't be encrypted.

This page is about Shield Platform Encryption, not Classic Encryption. What's the difference?

Note