Salesforce Security Guide

Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Give Users Access to Data
Share Objects and Fields
Strengthen Your Data's Security with Shield Platform Encryption
What You Can Encrypt
How Encryption Works
Set Up Your Encryption Policy
Required Permissions
Generate a Tenant Secret with Salesforce
Manage Tenant Secrets by Type
Encrypt New Data in Standard Fields
Encrypt Fields on Custom Objects and Custom Fields
Encrypt New Data in Custom Fields in Salesforce Classic
Encrypt New Data in Custom Fields in Lightning Experience
Encrypt Custom Fields in Installed Managed Packages
Encrypt Files
Encrypt Data in Chatter
Encrypt Search Index Files
Encrypt CRM Analytics Data
Encrypt Event Bus Data
Fix Blockers
Stop Encryption
Filter Encrypted Data with Deterministic Encryption
Key Management and Rotation
Shield Platform Encryption Customizations
Encryption Trade-Offs
Audit and Monitor Your Organization’s Security
Real-Time Event Monitoring
Security Guidelines for Apex and Visualforce Development
API End-of-Life Policy
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Encrypt New Data in Custom Fields in Lightning Experience

Apply Shield Platform Encryption to new custom fields in Lightning Experience, or add encryption to new data entered in an existing custom field.
Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires purchasing Salesforce Shield. Available in Developer Edition at no charge for orgs created in Summer ’15 and later.
Available in both Salesforce Classic and Lightning Experience.

User Permissions Needed
To view setup: View Setup and Configuration
To encrypt fields: Customize Application

To apply deterministic encryption to custom fields, first turn on deterministic encryption from the Encryption Settings page in Setup.

  1. From Setup, select Object Manager, and then select your object.
  2. Click Fields & Relationships.
  3. When you create or edit a custom field, select Encrypted.
    All new data entered in this field is encrypted. By default, data is encrypted using a probabilistic encryption scheme. To apply deterministic encryption to your data, select a deterministic option listed under Encrypted.
  4. Save your work.
The automatic Platform Encryption validation service checks for settings in your org that can block encryption. You receive an email with suggestions for fixing incompatible settings.
Field values are automatically encrypted only in records created or updated after you’ve enabled encryption. Synchronize existing data with your active key material from the Encryption Statistics and Data Sync page.

This page is about Shield Platform Encryption, not Classic Encryption. What's the difference?

Note