Today we have a quick and easy X++ post where we’ll learn how to create an encrypted field in Dynamics 365 Finance and Operations.

Creating an encrypted field in Dynamics 365 Finance and Operations is a simple process that can help secure sensitive information in your application. By using an encryption key to encrypt the data, it ensures that the data remains safe even if it is accessed by unauthorized users.

By encrypted field I mean what you see, for example, in the Email parameters form for the SMTP password:

Email parameters encrypted field
Email parameters encrypted field

Encrypted fields

These encrypted fields aren’t stored as plain text in the database, instead they’re encrypted (as its name suggests) using a key and that value is saved.

It’s worth mentioning that each environment has a different encryption key, so when you refresh a sandbox or development environment with data from another environment, the values of encrypted fields are lost because they can’t be unencrypted with a different key.

Creating it

You need a new field in a form, you know that the first step is creating it in a table. For this example, I’ll be adding a field to the CustParameters table and form.

So extend the table in your model and go to the EDTs in the AOT and drag and drop the EncryptedField EDT into the CustParameters table extension. Give it the name you want, I’ll name mine AASEncryptedField, and let’s continue.

Next, you need to create a code extension for the CustParameters table. Because encrypted fields are shown on forms as an edit field, we need a method to encrypt and decrypt the content of the field, and that’s what we’ll do here:

final class CustParameters_aristeinfo_Extension
    public edit Name AASEncryptedNameEdit(boolean _set, Name _value)
        return Global::editEncryptedField(this, _value, fieldNum(CustParameters, AASEncryptedField), _set);

This is a regular edit method, but it’s calling Global’s editEncryptedField method and there it’s calling Appl’s class EncryptForPurpose and DecryptForPurpose kernel methods that do the job.

Defining an EDT as the return type in the method will help us display the right label in the form, so create your EDTs or use one that fits your purpose. I’m using the Name one because this is just a demo!

Finally, we’ll add a string field in the form and set the CustParameters table as its Data Source property, and the CustParameters_aristeinfo_Extension.AASEncryptedNameEdit method as its Data Method property. If your field’s base data type is not a string, you need to add the correct type of new field!

Synchronize, compile and let’s take a look at the field in the UI:

That doesn't look like it's encrypted...
That doesn’t look like it’s encrypted…

Ooops, I forgot about something! You need to set the form field’s property Password style to Yes! Otherwise, it’ll only show plain text. Let me change that…

Encrypted field with password style
Encrypted field with password style

That’s much more better. You might be wondering… if it was showing plain text before using the password style… was it really encrypted? Yes, it was. If we take a look at the field’s value in SQL Server Management Studio:

Encrypted value in SSMS
Encrypted value in SSMS

That’s the encrypted value stored in SQL Server. It was showing plain text because the editEncryptedField method of the Global class takes care of unencryption. But believe me that in SQL it’s stored as encrypted data! Done!

And just like that, you created a new encrypted field and added a bit more of security to your customizations. This has been quite easy, and as I always say, if you need to do something that the standard application already does, take a look at it because that’ll be the best way of doing it.


Receive an email when a new post is published

Microsoft Dynamics 365 Finance & Operations technical architect and developer. Business Applications MVP since 2020.

Write A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.