+ Start a Discussion
Scott0987Scott0987 

Get the value of an encrypted field

I have a requirement where I have an api key that needs to be stored in salesforce and then called from a visualforce page.  I do not want all uses to be able to see the field values and so have encrypted them.  All users though should be able to access the visualforce page where the encrypted field will be part of an api call out.  So here is what my code looks like:

d = [select fieldvalue__c from customSobject__c];

HttpRequest req = new HttpRequest();
req.setEndpoint('http://' + d.fieldvalue__c + 'restoftheURL');

 When I just open the visualforce page this works fine.  But the page is part of an account layout and on that page I get an error: Unauthorized endpoint, please check Setup->Security->Remote site settings. endpoint = http://*****.restoftheURL.com  On the page layout it puts the * symbols in and so does not work correctly.  

 

Best Answer chosen by Admin (Salesforce Developers) 
Rahul SharmaRahul Sharma

From the document ->

"The value of an encrypted field is only visible to users that have the “View Encrypted Data” permission."

So, even if you query the encrypted text from a user not having above permission, you will get it in encrypted form(****) instead of actual value.

 

I suggest you to store it in custom setting or text field, and use Crypto class for custom encryption and decryption.

All Answers

prakash_sfdcprakash_sfdc
Hi,

From the error, I think you need to create an entry in Remote site Settings with full URL, so that it can be accessed via salesforce. I had done the same for using some third party api. Two minutes job.

Otherwise,if you don't want to do that then you can store the value of the key in Custom Settings and use it in code. Otherwise, you can keep it as string and change the field level security so that only system admin can access.
Nazeer AhamedNazeer Ahamed

Did you tried Text - Encrypted fields, you can contact Salesforce.com to enable it in your org. 

Rahul SharmaRahul Sharma

From the document ->

"The value of an encrypted field is only visible to users that have the “View Encrypted Data” permission."

So, even if you query the encrypted text from a user not having above permission, you will get it in encrypted form(****) instead of actual value.

 

I suggest you to store it in custom setting or text field, and use Crypto class for custom encryption and decryption.

This was selected as the best answer