Reading into Shield Encrypted Fields from Salesforce Marketing Cloud

We are currently integrated with the core platform through marketing cloud connect and we are using salesforce data as an entry source in most of our journeys.

My question is, if we were to go with Shield, will we be able to read into the shield encrypted fields through SF entry data in Journey builder?

I did a POC with classic encryption and found that if I want to continue using salesforce data as an entry source, there is no way for me to be able to read into the encryption fields


You’ll need to enable Encrypted Data Sending (EDS) permissions in Marketing Cloud to identify encrypted fields from Sales or Service Cloud, using Classic or Platform Encryption. Marketing Cloud supports:

  • Classic Encryption
  • Shield Platform Encryption
  • Field-Level Encryption

Also if you are enabling Field Level Encryption (FLE) on the Marketing Cloud side, Shield and FLE are compatible and Journey Builder does not support Platform Encryption but you can still use Sales/Service cloud data as entry events:

Journey Builder Events do not support Platform Encryption. The
Marketing Cloud does not re-encrypt data imported via events. Journey
Builder lets you create an entry event to power a journey based on
Sales and Service Cloud data. Journey Builder then creates associated
data extensions as it creates the entry events. The Marketing Cloud
does not encrypt data taken from the Sales and Service Clouds as part
of these entry events currently. You can use Journey Builder with
Field-Level Encryption and implement Synchronized Data Extensions
instead of data imports to maintain encryption.

There is also Transparent Data Encryption (TDE) on the Marketing Cloud side, but that happens on the backend.

Lastly, here is a relevant question on the Implications of Enabling FLE.

Source : Link , Question Author : Daniel Chen , Answer Author : Jackson Chen

Leave a Comment