First of all we should understand why we need of encryption in salesforce marketing cloud.Take the time to identify the most likely threats to your organization. This will help you distinguish data that needs encryption from data that doesn’t, so that you can encrypt only what you need to. Make sure your tenant secret and keys are backed up, and be careful who you allow to manage your secrets and keys.

  1. Outline a threat model for your organization. rehearse a proper threat modeling exercise to spot the threats that area unit possibly to have an effect on your organization. Use your findings to make an information classification theme, which may assist you decide what knowledge to encode.
  2. Encode solely wherever necessary.
  • Not all knowledge is sensitive. target data that needs coding to satisfy your regulative, security, compliance, and privacy needs. Unnecessarily encrypting knowledge impacts practicality and performance.
  • Judge your knowledge classification theme early and work with stakeholders in security, compliance, and business IT departments to outline needs. Balance business-critical practicality against security and risk measures and challenge your assumptions sporadically.
  1. Produce a technique early for backing up and archiving keys and knowledge. If your tenant secrets area unit destroyed, reimport them to access your knowledge. entirely accountable for ensuring your knowledge and tenant secrets are secured and keep in a very safe place. Salesforce cannot assist you with deleted, destroyed or misplaced tenant secrets.
  2. Perceive that coding applies to all or any users, despite their permissions.
  • You management World Health Organization reads encrypted field values in plaintext mistreatment the “View Encrypted Data” permission. However, the information keep in these fields is encrypted at rest, despite user permissions.
  • Useful limitations area unit obligatory on users World Health Organization act with encrypted knowledge. contemplate whether or not coding will be applied to a little of your business users and the way this application affects different users interacting with the information.
  1. Scan the protected Platform coding issues and perceive their implications in your organization.
  • Judge the impact of the issues on your business answer and implementation.
  • Check protect Platform coding in a very sandbox atmosphere before deploying to a production atmosphere.
  • Before sanctioning coding, fix any violations that you just uncover. for instance, referencing encrypted fields in a very SOQL wherever clause triggers a violation. Similarly, if you reference encrypted fields in a very SOQL ORDER BY clause, a violation happens. In each cases, fix the violation by removing references to the encrypted fields.
  1. Analyze and take a look at AppExchange apps before deploying them.
  • If you utilize Associate in Nursing app from the AppExchange, take a look at however it interacts with encrypted information in your organization and value whether or not its practicality is affected.
  • If Associate in Nursing app interacts with encrypted information that’s hold on outside of Salesforce, investigate however and wherever processing happens and the way data is protected..
  • If you think defend Platform secret writing may affect the practicality of an app, raise the supplier for facilitate with analysis. conjointly discuss any custom solutions that has got to be compatible with defend Platform secret writing.
  • Apps on the AppExchange that square measure designed solely mistreatment inherit defend Platform secret writing capabilities and limitations.
  1. Remember, platform secret writing isn’t a user authentication or authorization tool.
  • Use field-level security settings, page layout settings, and validation rules, not Platform secret writing, to regulate that users will see that information.
  • Ensure that a user unknowingly granted the “View Encrypted Data” permission would still see solely applicable information. By default, any user will edit encrypted fields, even users while not the “View Encrypted Data” permission.
  1. Grant the “Manage secret writing Keys” user permission to licensed users solely. Users with the “Manage secret writing Keys” permission will generate, export, import, and destroy organization-specific keys. Monitor the key management activities of those users frequently with the setup audit path.
  1. Grant the “View Encrypted Data” user permission to licensed users solely. Grant the “View Encrypted Data” permission to users United Nations agency should read encrypted fields in plaintext, as well as integration users United Nations agency should scan sensitive information in plaintext. Encrypted files square measure visible to any or all users United Nations agency have access to the files, despite the “View Encrypted Data” permission.
  1. Mass-encrypt your existing information. Existing field and file information isn’t mechanically encrypted after you activate defend Platform secret writing. To write in code existing field information, update the records related to the sector information. This action triggers secret writing for these records so your existing information is encrypted at rest. To write in code existing files, contact Salesforce.
  1. Do not use Currency and range fields for sensitive information. you’ll be able to typically keep non-public, sensitive, or regulated information safe while not encrypting associated Currency or range fields. Encrypting these fields may have broad practical consequences across the platform, like disruptions to roll-up outline reports, report timeframes, and calculations, so that they aren’t encryptable.
  1. Communicate to your users concerning the impact of secret writing. Before you modify defend Platform secret writing during a production atmosphere, inform users concerning however it affects your business answer. as an example, share the data delineated in defend Platform secret writing issues, wherever it’s relevant to your business processes.
  1. Use discretion once granting login access. If a user with the “View Encrypted Data” permission grants login access to a different user, the opposite user is in a position to look at encrypted fields in plaintext.
  1. Write in code your information mistreatment the foremost current key. After you generate a replacement tenant secret, any new information is encrypted mistreatment this key. However, existing sensitive information remains encrypted mistreatment previous keys. During this scenario, Salesforce powerfully recommends re-encrypting these fields mistreatment the newest key. Contact Salesforce for facilitate with this.

To encrypt some value we have to use some key value that can be hard coded or we can generate key also by using this:

Blob cryptoKey = Crypto.generateAesKey(256);

We have to use same key to decrypt that value.

Here I am going to share some code.Hope it will help you. I have created one visualforce page and one controller. In the page only one field(Name) is there and two button(Save & Update). When some value is entered in the name field and clicked on save button that value will be stored in the object encrypted format. Now record id in the url and click on update button encrypted value will be converted in to original format.

Visualforce  Page:

<span style="font-weight: 400;"><apex:page standardController="EnCrypt_Decrypt__c" extensions="EncryptExtensioncls"></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">    <apex:form ></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">        <apex:pageBlock ></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">            <apex:pageBlockSection ></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">                <apex:inputField value="{!encrypt.Name}"/></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">                <apex:commandButton value="Save" action="{!Save}"/></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">                <apex:commandButton value="Update" action="{!test}"/></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">            </apex:pageBlockSection></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">        </apex:pageBlock></span><span style="font-weight: 400;">
</span><span style="font-weight: 400;">    </apex:form> </span><span style="font-weight: 400;">
</span><span style="font-weight: 400;"></apex:page></span>


public class EncryptExtensioncls{
public EnCrypt_Decrypt__c encrypt{get;set;}
 //Blob cryptoKey;
Blob cryptoKey = Blob.valueOf('380db410e8b11fa9');
public Id recordId{get;set;}
public EncryptExtensioncls(ApexPages.StandardController controller){
//cryptoKey = Crypto.generateAesKey(256);
recordId = Apexpages.CurrentPage().getParameters().get('id');
if(recordId !=null){
encrypt = [SELECT id,Name From EnCrypt_Decrypt__c WHERE id=:recordId];
encrypt = new EnCrypt_Decrypt__c();
public PageReference Save(){
Blob data = Blob.valueOf(encrypt.Name);
Blob encryptedData = Crypto.encryptWithManagedIV('AES128',cryptoKey,data);
String b64Data = EncodingUtil.base64Encode(encryptedData); = b64Data;
 insert encrypt;
 return null; 
public PageReference test(){
 //Blob cryptoKey = Crypto.generateAesKey(256);
 //Blob data = Blob.valueOf(encrypt.Name);
Blob data = EncodingUtil.base64Decode(encrypt.Name);
Blob decryptedData = Crypto.decryptWithManagedIV('AES128',cryptoKey,data);
String dryptData = decryptedData.toString();
System.debug('Printing dryptData '+dryptData); = dryptData;
 update encrypt;
 return null;