FAQ-000703 - Data Storage and Encryption Security / Encryption and Key Management


Current FAQ

Question
Are Text(Encrypted) fields sufficient for storing sensitive authorization keys?
Answer
Text(Encrypted) fields are not recommended for storing sensitive authorization keys in Salesforce. Instead, you should use protected custom settings, protected custom metadata API fields, or named credentials for storing sensitive authorization keys. If you need to store them in custom objects, encrypt the keys using the Apex Crypto API and store the encryption key separately in a protected custom setting or hidden custom metadata API field.
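The custom-object option described in the answer, as an added Apex sketch that is not part of the original FAQ or any Salesforce sample. The names `Integration_Secrets__c`, `Enc_Key__c`, `Api_Credential__c`, `Encrypted_Key__c` and `AuthKeyVault` are hypothetical, and the example assumes the custom setting ships in a managed package, where Protected visibility applies.

```apex
// Added example. Assumed (hypothetical) metadata:
//   Integration_Secrets__c - protected hierarchy custom setting, field Enc_Key__c (Text 255)
//   Api_Credential__c      - custom object, field Encrypted_Key__c (Long Text Area)
public with sharing class AuthKeyVault {

    // Load the AES-256 key from the protected custom setting; create it once if absent.
    private static Blob loadOrCreateKey() {
        Integration_Secrets__c s = Integration_Secrets__c.getOrgDefaults();
        if (String.isBlank(s.Enc_Key__c)) {
            if (s.Id == null) {
                s.SetupOwnerId = UserInfo.getOrganizationId();
            }
            // Random key from the platform, never a literal in source code.
            s.Enc_Key__c = EncodingUtil.base64Encode(Crypto.generateAesKey(256));
            upsert s;
        }
        return EncodingUtil.base64Decode(s.Enc_Key__c);
    }

    // Encrypt the authorization key and store only ciphertext on the record.
    public static Id store(String label, String authKey) {
        // encryptWithManagedIV generates a random IV and prepends it to the ciphertext,
        // so no IV is hardcoded or reused.
        Blob cipher = Crypto.encryptWithManagedIV(
            'AES256', loadOrCreateKey(), Blob.valueOf(authKey));
        Api_Credential__c rec = new Api_Credential__c(
            Name = label,
            Encrypted_Key__c = EncodingUtil.base64Encode(cipher)
        );
        insert rec;
        return rec.Id;
    }

    // Decrypt on demand; keep the plaintext out of debug logs and record fields.
    public static String reveal(Id recordId) {
        Api_Credential__c rec = [
            SELECT Encrypted_Key__c FROM Api_Credential__c WHERE Id = :recordId LIMIT 1
        ];
        Blob plain = Crypto.decryptWithManagedIV(
            'AES256', loadOrCreateKey(), EncodingUtil.base64Decode(rec.Encrypted_Key__c));
        return plain.toString();
    }
}
```

The ciphertext and the encryption key live in different stores, so read access to `Api_Credential__c` records alone does not expose the authorization key.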

AI Recommended Enhancement

Related Security Rules
ApexBadCrypto, ApexSuggestUsingNamedCred, ProtectSensitiveData
Question
Are Text(Encrypted) fields sufficient for storing sensitive authorization keys?
Recommended Answer Update
Text(Encrypted) fields aren't recommended for storing sensitive authorization keys in Salesforce. Instead, you should use protected custom settings, protected custom metadata API fields, or named credentials for storing sensitive authorization keys. If you need to store them in custom objects, encrypt the keys using the Apex Crypto API and store the encryption key separately in a protected custom setting or hidden custom metadata API field.
Reasoning
The original answer uses overly formal language ("are not recommended") when a more conversational tone ("aren't recommended") fits better with the brand guidelines. No outdated content was detected: the technical advice about Text(Encrypted) fields being insufficient and the recommendations for protected custom settings, custom metadata, named credentials, and proper use of Crypto API remain accurate and current. The three selected security rules directly relate to the FAQ's content: ApexBadCrypto covers the Crypto API encryption mentioned in the answer, ApexSuggestUsingNamedCred directly relates to the recommendation to use named credentials for authorization keys, and ProtectSensitiveData encompasses the overall topic of properly protecting sensitive authorization keys discussed throughout the FAQ.