Encryption used by Mattermost

What type of encryption is used by Mattermost?
If there is encryption, is it enabled by default?

Hi there, @vibhi

You can refer to the official documentation - Encryption Options for more information on the types of encryption offered by Mattermost, which are categorized into two types:

  • Encryption-in-transit
  • Encryption-at-rest

They are not enabled by default as you will have to set them up accordingly:

You may either set up TLS on the Mattermost Server or install a proxy such as NGINX and set up TLS on the proxy. Refer to our configuration guide for more details.

Encryption options at the disk level are documented both for MySQL and PostgreSQL.

For local storage or storage via Minio, encryption-at-rest is available for files stored via hardware and software disk encryption solutions applied to the server.

So, it really depends on the setup of your infrastructure.

TLS is basically an encryption between user and server that is done by default or if you use Cloudflare?

What is the difference here ?

What type of encryption should I use which will be enough for the user? Basically, making sure their private information remains safe. Sent files and messages need to be encrypted (e2e) or somewhat near that.

Hello, @vibhi

The TLS setup is to be configured based on your preference. Refer to Configuring TLS on Mattermost Server. In case of setting up SSL on your server, you will need to make configuration changes on System Console > General > Configuration. I came across users utilizing Cloudflare for encryption, so it is another option that you can consider:

A simple encryption is to use an official signed SSL certificate issued by a certificate authority (for example, Let’s Encrypt) to secure communication. You can also consider setting up a proxy with TLS if you prefer a better security setup as well as performance.

@vibhi, to comment about the need to protect private information: note that Mattermost does not support end-to-end encryption for files or messages. After verifying the identity of the server (via TLS), Mattermost assumes the user trusts the administrators running that server, as is often the case in workplace environments.

There’s some discussion about this feature request at https://mattermost.uservoice.com/forums/306457-general/suggestions/36662833-end-to-end-e2e-encryption-support.
