+ Start a Discussion

Encrypted Fields in Apex show as masked

I am having a problem accessing the content of an encrypted field from an Apex class. According to the Encrypted Field documentation -- "When an encrypted custom field is manipulated in Apex Code, the value is always unmasked,regardless of the permissions of the user. " However, in my Apex code the field value is always masked.


I confirmed this by parsing the actual field value character by character, since encrypted fields are always masked in system.debug() statements.


Participant__c partic = [SELECT ID, Social_Security_Number__c FROM Participant__c WHERE ID = :this.recordID LIMIT 1];
if (partic.Social_Security_Number__c != null) {
	string ssn = '';
	for (integer n = 0; n < partic.Social_Security_Number__c.length(); n++) {
		string x = partic.Social_Security_Number__c.subString(n,n+1);
                if (x == '*') x= 'x';
                ssn += x;

 In the above code I found that the characters in the encrypted field were actually an asterik (*). I confirmed this by checking for the "*" and replacing it with a "+".  (I could have done this with a Replace(), but I wanted to actually copmare each character one at a time to be sure).


Shouldn't I be able to retrieve the full umasked value of the encrypted field in my Apex code?


Best Regards,



Mike -- my experiments seem to suggest that if you execute APEX code that the encrypted field is always decrypted by the time it gets to APEX and can be displayed in the debug log (regardless of whether the apex running user has 'View Encrypted Data' privilege)-- EXCEPT, if you are using Execute Anonympous Apex in which case, if the running user doesn't have 'View Encrypted Data', the executing apex will not decrypt the value. 
Vikas Sharma 41Vikas Sharma 41
Thanks Crop! It saved us from creating another field and lots of logic.