I'm storing user passwords for an external web service in salesforce, in encrypted fields. Using the SOAP API in JavaScript, I wish to use the password in a REST request. However, I'm unable to decrypt an encrypted field for use in this way. I could of course set the user profile to 'View Encrypted Data', but if I do this for every user it would defeat the point of the encryption in the first place. Is there a way around this or something I'm missing?
Best Answer
View Encrypted Data permission will allow the user to see the original value of the field both in the UI and via API.
You can use a permission set to add the "View Encrypted Data" permission to a specific user.
If you do add this permission, keep in mind that it is ORG WIDE for that user so you will have to be mindful of FLS for those encrypted fields you do not want them do see.....