Encrypting fields and attachments

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • After you create your cryptographic modules, create encrypted field configurations and specify whether to encrypt a field on a table or encrypt attachments.

    How to encrypt fields

    Note:
    Encrypted fields are not audited by design. This behavior is not configurable.
    1. Specify the key source: system-generated keys or your customer supplied keys (bring your own key) in System Security > Field Encryption Settings.
    2. After you specify the key source, create a new cryptographic module or use an existing cryptographic module. Start with Create a cryptographic module for instructions.
      Note:
      If you use customer-supplied keys, follow the directions in Create cryptographic module for Column Level Encryption and Configure properties for customer-supplied keys.
    3. Create an encrypted field configuration, which is where you specify the table on which the encryption is performed and either the column in the table or the attachments in the table to encrypt. See Set encrypted field configurations to get started.
    Note:
    See Column Level Encryption Enterprise examples that illustrates how to encrypt fields and attachments using customer-supplied keys.