Mattermost, Inc.

Private Message Accessibility

Thanks for the awesome app!

My organization is looking to move away from Slack and join Mattermost. One of the primary concerns from my leadership team with this transition, is the ability to access private messages stored as plain text in the database. What solutions would you recommend to alleviate these concerns?

Thanks!

Hi @mwitt,

Not totally sure on your question.

One of the primary concerns from my leadership team with this transition, is the ability to access private messages stored as plain text in the database.

If your leadership wants the ability to view direct messages in plain text in the database, that is currently available. Similar to an email server, communication that happens on your company infrastructure is stored in the company database and accessible by the database administrator. At the same time, you can apply disk-level encryption for satisfy compliance requirements for keeping the data encrypted-at-rest.

If your leadership wants to have direct messages encrypted inside of the database secured with the cryptographic keys of the sender and receiver, you can upvote the feature idea for adding off-the-record support, as it’s not currently available.

That said, any encryption on messages within the database, versus the recommended practice of encrypting the entire database disk itself, means those messages won’t be available in search.

Does this help?