I work on an totally free and open source project that’s all about bringing the concepts of zero trust into applications called openziti (check it out if you’re interested). Anyway, we self-host Mattermost and use it as our internal chat application. We are able to access the chat app safely and securely without needing to have Mattermost exposed to the internet at all, using an OpenZiti overaly network (also self-hostable).
Anyway, I was on the community server talking to a MM person and they recommend I toss this idea out into this feedback forum for input.
The idea would be to embed zero trust directly into Mattermost, making it capable of being accessed from anywhere securely but through application embedded zero trust (there would be no need for some kind of proxying port or ‘agent’ as is always the case). You’d just download Mattermost, optionally join it to an OpenZiti overlay network and you’d be off an running.
I’m happy to discuss the idea here if there’s any interest. I know selfishly, I’d love to be able to have our own Mattermost instance protected by end to end encryption and know exactly who is able to access the server in this way.
I’m wondering if there are any other security-conscious people out there that think this is a good (or bad) idea.