Newer Version Available

This content describes an older version of this product. View Latest

Which Fields Can I Encrypt?

You can encrypt certain fields on standard objects, on custom objects, and in Chatter. With some exceptions, encrypted fields work normally throughout the Salesforce user interface, business processes, and APIs.
Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield. Available in Developer Edition at no charge for orgs created in Summer ’15 and later.
Available in both Salesforce Classic and Lightning Experience.

Beginning with Spring ’17, Shield Platform Encryption no longer masks encrypted data in the presentation layer. This may affect some users’ ability to work with encrypted data. If you have data you don’t want specific users to see, revisit their field-level security settings, record access settings, and object permissions.

Note

When you encrypt a field, existing values aren't encrypted immediately. Values are encrypted only after they are touched. Contact Salesforce for help encrypting existing data.

Encrypted Standard Fields

You can encrypt the contents of these standard field types on the Account, Contact, Case, Case Comment, and Lead objects.

Accounts (Business)
  • Account Name
  • Description
  • Fax
  • Website
  • Phone
Person Accounts
  • Name (Encrypts First Name, Middle Name, and Last Name)
  • Mailing City
Contacts
  • Description
  • Email
  • Fax
  • Home Phone
  • Mailing Address (Encrypts Mailing Street and Mailing City)
  • Mobile
  • Name (Encrypts First Name, Middle Name, and Last Name)
  • Other Phone
  • Phone
Cases
  • Subject
  • Description
Case Comments
  • Body (including Internal Comments)
Leads (Beta)
  • Address (Encrypts Street and City)
  • Company
  • Description
  • Email
  • Fax
  • Mobile
  • Name (Encrypts First Name, Middle Name, and Last Name)
  • Phone
  • Other Phone
  • Title
  • Website

This beta version of encryption support for Leads is production-quality but has known limitations. To activate this Beta feature, contact your Salesforce representative.

Note

Chatter feed
  • Feed Comment—Body
  • Feed Item—Body
  • Feed Item—Title
  • Feed Revision—Value

These fields include feed posts, questions and answers, link names, comments, and poll questions. They don’t encrypt poll choices.

The revision history of encrypted Chatter fields is also encrypted. If you edit or update an encrypted Chatter field, the old information remains encrypted.

Enabling Encryption for Chatter encrypts all eligible Chatter fields. You can’t choose to encrypt only certain Chatter fields.

Note

Encrypted Custom Fields

You can encrypt the contents of fields that belong to one these custom field types, on either standard or custom objects.
  • Email
  • Phone
  • Text
  • Text Area
  • Text Area (Long)
  • URL
  • Date
  • Date/Time

After a custom field is encrypted, you can’t change the field type. For custom phone and email fields, you also can’t change the field format.

When you encrypt the Name field, enhanced lookups are automatically enabled. Enhanced lookups improve the user’s experience by searching only through records that have been looked up recently, and not all existing records. Switching to enhanced lookups is a one-way change. You can’t go back to standard lookups, even if you disable encryption.

Important

You can’t use Schema Builder to create an encrypted custom field.

Some custom fields can’t be encrypted:

  • Fields that have the Unique or External ID attributes or include these attributes on previously encrypted custom fields
  • Fields on external data objects
  • Fields that are used in an account contact relation

On a custom object, the standard Name field can't be encrypted.

This page is about Shield Platform Encryption, not Classic Encryption. What's the difference?

Note