Salesforce Security Guide

Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Give Users Access to Data
Share Objects and Fields
Strengthen Your Data's Security with Shield Platform Encryption
What You Can Encrypt
How Encryption Works
Set Up Your Encryption Policy
Required Permissions
Generate a Tenant Secret with Salesforce
Manage Tenant Secrets by Type
Encrypt New Data in Standard Fields
Encrypt Fields on Custom Objects and Custom Fields
Encrypt New Data in Custom Fields in Salesforce Classic
Encrypt New Data in Custom Fields in Lightning Experience
Encrypt Custom Fields in Installed Managed Packages
Encrypt Files
Encrypt Data in Chatter
Encrypt Search Index Files
Encrypt Tableau CRM Data
Encrypt Event Bus Data
Fix Blockers
Stop Encryption
Filter Encrypted Data with Deterministic Encryption
Key Management and Rotation
Shield Platform Encryption Customizations
Encryption Trade-Offs
Monitoring Your Organization’s Security
Real-Time Event Monitoring
Security Guidelines for Apex and Visualforce Development
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Encrypt New Data in Custom Fields in Salesforce Classic

Apply Shield Platform Encryption to new custom fields in Salesforce Classic, or add encryption to new data entered in an existing custom field.
Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield. Available in Developer Edition at no charge for orgs created in Summer ’15 and later.
Available in both Salesforce Classic and Lightning Experience.

User Permissions Needed
To view setup: View Setup and Configuration
To encrypt fields: Customize Application

To apply deterministic encryption to custom fields, first enable deterministic encryption from the Platform Encryption Advanced Settings page in Setup.

  1. From the management settings for the object, go to Fields.
  2. In the Custom Fields & Relationships section, create a field or edit an existing one.
  3. Select Encrypted.
    All new data entered in this field is encrypted. By default, data is encrypted using a probabilistic encryption scheme. To apply deterministic encryption to your data, select a deterministic option listed under Encrypted.
  4. Click Save.
The automatic Shield Platform Encryption validation service checks for settings in your org that can block encryption. You receive an email with suggestions for fixing incompatible settings.
Field values are automatically encrypted only in records created or updated after you’ve enabled encryption. Synchronize your existing data with your active key material from the Encryption Statistics and Data Sync page.

This page is about Shield Platform Encryption, not Classic Encryption. What's the difference?

Note