Shield Platform Encryption

Foundations supports Salesforce's Shield Platform Encryption on all current standard Salesforce fields, files, and attachments.

When encryption has been enabled for a field, disabling encryption for that field does not remove the querying restrictions against it. This means that any current or future packages installed in your org that use that field must continue to support encryption on that field. For example, when searching for records, users cannot filter by a field that has ever been encrypted because the querying restrictions imposed by encryption don't allow filtering on encrypted fields.

If you are considering enabling encryption in your org, refer to the Shield Platform Encryption Implementation Guide from Salesforce. If you are unsure whether to proceed, contact your Salesforce representative before making any decisions.

Limitations

If you want to use Foundations messaging to populate a lookup when a record name field has been encrypted, you can create a mapping using the unique Salesforce record ID. For example, if Account Name is encrypted, create a node of type Field in the relevant publication, select "Account ID", and enter the appropriate key. On the relevant subscription, map the same key to the target lookup field, such as Account. This ensures the lookup references the correct record when the name field is encrypted.

When an account's billing or shipping address is validated in Foundations, a copy of the address is stored in validated address fields on the Account object, such as Validated Billing Street and Validated Shipping City. If you encrypt the Billing Address or Shipping Address fields, consider encrypting the validated address fields as well.