steve7158
commented
2 weeks ago Hi, @maximometascript , @HenryHengZJ To encrypt the messages can we use the encryption key used for encoding the credential data before storing it in the DB, for toggling we can add a switch in the settings menu. let me know if this works, id like to work on this if its ok.
Describe the feature you'd like I'd like the option to turn on message encryption so that the database (i.e., MySQL) stores messages in an encrypted manner. This would be to prevent an attack vector where the root database username/password are compromised. Sensitive information could be discussed with a chatbot, and this should not leak out to an attacker.
Additional context While ideally this encryption would be unlocked by information in end user tokens given through an SSO solution such as Keycloak, a master key would still prove useful as a stop gap.