Mattermost, Inc.

Encrypt posts / messages in Database only

In the standardconfig messages are stored in cleartext at the database. If I would like to encrypt the messages, I have to use data-at-rest-encryption. (very new to me!) pointing to

So, as far as I understood it, you can ony encrypt all DBs with this.

There is no easier way to activate this via mattermost itself. e.g. “Activate DB encryption for messages”.


1 Like

Hi @mcdaniels,

Yes, you would need to follow the MYSQL documentation for this. Also, there is a config setting for regenerating the key:

Thanks for responding. As I am totally new to the encryption of DBs: If implemented like here:

would’t it be needed to tell the table (posts) that it has to be encrypted too?

Do you know any good how to for the configuration of the encryption of DBs?

Thank you!

I think MM could have end to end encryption.

Let the server generate keys and send and receive encrypted texts.

as easy as enable/disable encryption in the admin console.


thanks, but this is a missunderstanding. I am already using ssl encryption via proxy so the messagetransfer itself is encrypted.

BUT: The messages are stored in die MM-DB. And this is happening in clear-text. So my goal is, to encrypt this data (the table in the DB).

At the moment I am using a retentiontime (5 days) for messages and files. So messages and files should be deleted after this timespan.

Yes I agree. Database, as part of the process, should have the texts encrypted.

Just out of curiosity why are you deleting messages from the table?

History is quite a good feature in a chat app.

We are sometimes exchanging data, which is security critical. The idea behind is, that this data shouldn’t be archived too long @ DB as it is cleartext. (for sure no good security solution, but at least a little bit).

There is no need at the moment for saving it longer.

The best would be to have at least a table-encryption of the “posts” in combination with message encryption while message exchange.

Unfortunatly I am a little bit confused about the DB-encryption at the moment.

Hi @mcdaniels,

There is more detail about encryption here as well: I believe currently we don’t have encryption within the database.

thanks for your reply. I am aware of the transmissionencryption :wink:

Perhaps you can implement a feature (at least for encryption of the posts in the db) in some future versions.

Hi @mcdaniels, thank you for the feedback, would you like to contribute this idea in our Feature Requests forum:

ok, I will do that :wink: