Ken Koellner 7

Hide Consumer Secret on Auth. Provider setup page.

The Auth. Provider setup page allows entering a Customer Key and Consumer Secret.  We would like it to work so that after an admin has entered the secret, it cannot be viewed on the setup page, much like the way a password can work.  You can enter it into the field, but once saved, it becomes masked with stars and you can never view it again.  This setup page has a Reveal button that will show it.  Is there any way to disable that?



Please do not respond with an answer to a different but related question or a link to the documentation page [I have already read https://help.salesforce.com/articleView?err=1&id=sso_provider_global_auth.htm&type=5] and then ask for me to vote your answer best answer.  I will instantly vote your answer as best answer if it really answers this specific question.
Anudeep (Salesforce Developers)
As far as I know, you cannot mask them. However, you can encrypt them.

“The AuthProvider object is not a normal object. It is a special object used to store settings for authentication providers. The ConsumerSecret field on that says it can be encrypted by putting the field inside an outbound change set.

https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_authprovider.htm

Here are the steps: 

The consumer secret of the app that is registered at the third-party provider. After it’s set, you can’t change the value. When using create(), this field must be encrypted. To create an encrypted form of the consumer secret from plaintext:
  1. Create an authentication provider with the consumerSecret plaintext value.
  2. Save the authentication provider.
  3. Create an outbound change set that includes the authentication provider component.
The new change set .xml file has an entry in the form <consumerSecret>++XYZ++</consumerSecret> where ++XYZ++ is the encrypted secret.
In API version 33.0 and later, for Salesforce-managed auth providers, leave the field blank to let Salesforce supply and manage the value. For details, see Usage.

=> It follows the classic encryption scheme. AES128. Org-specific key.