Home  >   Articles   >  Configuring Encrypted Data Fields in Vtiger CRM
Articles in this section

Configuring Encrypted Data Fields in Vtiger CRM

Learn how to configure Encrypted Data Fields in Vtiger CRM and mask sensitive information.
Bindu Rekha Babu
5 May, 2024 - Updated 2 months ago
Table of Contents


​​​​​​On storing sensitive data, such as a contact’s national ID number or credit card number, you can choose to give contacts control over that field by requesting permission through their Consents page.

When you store a person's sensitive data, specific laws may require you to handle that data in special ways. Such laws include GDPR and sometimes require special handling like encryption of data at rest or restriction of access to who may see and use the data to only those required for the data’s purposes.

Vtiger’s Encrypted Data or sensitive data field enables you to comply with those laws while helping protect you from the risk that your employees or malicious actors misuse data stored in your possession.

On the other hand, masking is a technique used to obscure certain parts of data for privacy or security purposes, often applied in user interfaces. Masking can be applied to sensitive fields as part of a broader data protection strategy. To know more about Masking in Vtiger, click here.

What are Encrypted Fields

An encrypted field is used to store sensitive information about a contact or a lead, such as credit card numbers, CVV, bank account details, etc. You need to get consent from the contact or lead to store such information. 
Note: You can create only up to five encrypted fields in a module.
To learn more about Consent, click here.

Feature Availability

  • Edition: The GDPR feature is available in the Starter, Professional, and Enterprise Editions
  • Modules: Leads and Contacts
  • Limit: 5 fields per module
  • Data limit in GDPR compliance Add-on
    • Personal fields - No limits
    • Encryption fields - 5 fields per module
    • Data consents - 10 fields per module
    • Custom consents - 10 fields per module

Getting Started with the Encrypted Data Fields

Before you get started, please read the below points carefully.

Points to remember

  1. Encrypted fields are available only if the Vtiger Privacy Guard is installed.
  2. Remember that encrypted fields will be disabled if you uninstall the Vtiger Privacy Guard Add-on.
    1. Note: These fields will not be shown in Module Fields and Layout > View Hidden after they are disabled.
  3. If you re-install the Vtiger Privacy Guard, all the disabled encrypted fields will be activated.
  4. You cannot downgrade from Vtiger One Enterprise edition to Professional or Starter edition if you have active encrypted fields.
  5. Vtiger does not restrict you when you downgrade from Professional edition to Starter edition, even if the Vtiger Privacy Guard is installed with active encrypted fields.

Sensitive data fields can be created in Vtiger’s Leads and Contacts modules and achieve all of the following:

Encryption of data at rest

Encryption of data at rest stores the data as an encrypted value in Vtiger’s database, which protects the data from unauthorized view by your employees, our employees, and any potential malicious intruders.

Selective obfuscation of data

By default, sensitive data in the user view of Vtiger will display as ****. You can choose to change that default view to reveal any number of characters at the beginning or at the end of the stored value. This will help the users verify the value without permitting them to unobfuscate the full value.
A common use of this is for storing a national ID number or a credit card number and revealing just the last four digits (For example, 529-49-5787 shows as 52****787).

Restriction of unobfuscation to only specific users

Although all users can see the obfuscated value of a restricted field, administrators can restrict which of your users are allowed to reveal the unobfuscated field value. This is achieved by giving user profiles access to view sensitive data fields and applying those profiles to users.

Configuring Sensitive Data Fields

Enabling Sensitive Data Fields

Plain text fields are the only fields that can be marked as sensitive by Vtiger. To enable a sensitive data field:

  1. Log in to the CRM.
  2. Go to the User Profile.
  3. Go to Settings.
  4. Go to the Module Fields and Layout Editor. 
  5. Choose either the Leads or Contacts modules.
  6. Create a new text field or edit the desired text field.
alt text
  1. Enable the Encrypt field property.
  2. Read, understand, and agree to the following conditions to enable the sensitive property.
  3. Choose the number of first and last characters to show all users accessing the field.
  4. Save the field.
Note: The text fields whose character limit is equal to or less than 100 can only be marked as the encrypted field.

Granting Profile Access to View Sensitive Data Fields

Follow these steps to grant profile access to view sensitive data fields:

  1. Log in to the CRM.
  2. Go to the User Profile.
  3. Click Settings.
  4. In the Settings page, expand User Management.
  5. Click Profiles.
  6. Select a particular profile to edit and expand the Contacts or Leads module. The Tools window opens.
  7. Enable the View encrypted field value checkbox.​​​​

alt text
  1. Save the settings.

Users with a profile capable of viewing sensitive field values will see a View button to the right of fields marked as sensitive in the Leads and Contacts modules. Clicking the button reveals the sensitive data field and logs the view.

Tracking Encrypted Fields for Access and Edits

Vtiger tracks all views and edits to fields marked as sensitive for future audits.
Field access logs for sensitive data changes can be viewed from the User Menu > Settings > User Management > Sensitive Field Access Logs. This allows you to search by field name, record name, module name, username, Date range, or action performed.

alt text

Considerations when enabling sensitive data fields

Please be aware that all of the following apply to sensitive data fields:

  • Encrypted field values are obfuscated by default for all users
  • Only users with the View Encrypted Field permission can decrypt values in detail views
  • List views, reports, and exported data can only show encrypted values
  • Global search only searches exposed characters
  • Once enabled, encryption cannot be disabled, and the number of un-obfuscated characters cannot be edited
  • If a user marks an address field (Billing address, Location, etc.) as Encrypted, then the map functionality will not work as the data will be encrypted.

Frequently Asked Questions

  1. What fields should I mark as personal fields?
    1. Fields that directly identify a person, such as a Name, Email address, Credit Card Number, Phone number, National ID, or Address.
    2. Fields that are personal but are needed for regulatory needs should not be marked as Personal fields since they will be erased if the user clicks on Erase personal data.
  2. What fields should I mark as encrypted fields?
    1. Information that, if revealed, could lead to a considerable loss for a person should be encrypted. For example, National ID, Credit Card Number, or Union Membership should be encrypted.
    2. Only text fields can be marked as encrypted. But, you cannot encrypt these fields - First Name, Last Name, and Primary Email.
  3. How do I delete an encrypted data field?
    1. To delete an encrypted data field, you must first disable the consent field associated with this field. And, then delete the field from Module Fields and Layout Editor.
  4. Is the Primary email field mandatory?
    1. No, it is not.
  5. Will print templates and email templates show the decrypted value?
    1. No, it is not.
Was this article helpful?
0  out of  0  found this helpful.
Comments 0
Be the first to comment
© Copyright 2023 Vtiger. All rights reserved.