Database Encryption Feature Request #5422

New Issue

OVERLORD · 2026-02-05T10:03:28+03:00

OVERLORD commented

2026-02-05 10:03:28 +03:00

Originally created by @kilian-goetz on GitHub (Sep 3, 2025).

Describe the feature you'd like

I would like to request a new feature that allows for the encryption of the entire BookStack database. In my professional context, I use BookStack as a centralized documentation system for operational procedures and vital information. Due to strict security audits and compliance with certain standards (e.g., ISO 27001), our auditors require that all data at rest, including the database, be encrypted.

Having a built-in option in BookStack to enable this would be extremely beneficial. This feature would ideally be a simple toggle or configuration setting, allowing users to activate full database encryption without extensive manual intervention or system-level knowledge.

Describe the benefits this would bring to existing BookStack users

The primary benefit of this feature would be a significant improvement in data security for all BookStack users. By offering an integrated database encryption option, BookStack would become a more viable solution for organizations with strict security and compliance requirements, such as those in finance, healthcare, government, etc.

This would help users meet standards like ISO 27001 by ensuring that sensitive data is protected even if the underlying storage is compromised. It would also increase trust in BookStack as a professional documentation system and expand its potential user base.

Can the goal of this request already be achieved via other means?

Yes, the goal can be partially achieved by encrypting the storage volume where the Docker container's data is stored. For example, using LUKS on Linux to encrypt the disk partition or using a full-disk encryption solution.

However, this method is external to BookStack and requires system-level knowledge. It can also be complex to manage, especially in cloud environments. An integrated encryption feature would be a superior approach because it would be platform-independent and much easier for all users to implement, regardless of their underlying infrastructure.

Have you searched for an existing open/closed issue?

I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

1 to 5 years

Additional context

No response

Originally created by @kilian-goetz on GitHub (Sep 3, 2025). ### Describe the feature you'd like I would like to request a new feature that allows for the encryption of the entire BookStack database. In my professional context, I use BookStack as a centralized documentation system for operational procedures and vital information. Due to strict security audits and compliance with certain standards (e.g., ISO 27001), our auditors require that all data at rest, including the database, be encrypted. Having a built-in option in BookStack to enable this would be extremely beneficial. This feature would ideally be a simple toggle or configuration setting, allowing users to activate full database encryption without extensive manual intervention or system-level knowledge. ### Describe the benefits this would bring to existing BookStack users The primary benefit of this feature would be a significant improvement in data security for all BookStack users. By offering an integrated database encryption option, BookStack would become a more viable solution for organizations with strict security and compliance requirements, such as those in finance, healthcare, government, etc. This would help users meet standards like ISO 27001 by ensuring that sensitive data is protected even if the underlying storage is compromised. It would also increase trust in BookStack as a professional documentation system and expand its potential user base. ### Can the goal of this request already be achieved via other means? **Yes**, the goal can be partially achieved by encrypting the storage volume where the Docker container's data is stored. For example, using LUKS on Linux to encrypt the disk partition or using a full-disk encryption solution. However, this method is external to BookStack and requires system-level knowledge. It can also be complex to manage, especially in cloud environments. An integrated encryption feature would be a superior approach because it would be platform-independent and much easier for all users to implement, regardless of their underlying infrastructure. ### Have you searched for an existing open/closed issue? - [x] I have searched for existing issues and none cover my fundamental request ### How long have you been using BookStack? 1 to 5 years ### Additional context _No response_

OVERLORD added the 🔨 Feature Request label 2026-02-05 10:03:28 +03:00

OVERLORD commented

2026-02-05 10:03:30 +03:00

@adonm commented on GitHub (Sep 23, 2025):

It would probably be easier to just use Data at Rest Encryption i.e. your DB operator / cloud providers at rest encryption options.

@adonm commented on GitHub (Sep 23, 2025): It would probably be easier to just use [Data at Rest Encryption](https://docs.percona.com/percona-server/8.4/data-at-rest-encryption.html) i.e. your DB operator / cloud providers at rest encryption options.

OVERLORD commented

2026-02-05 10:03:32 +03:00

@kilian-goetz commented on GitHub (Oct 2, 2025):

Greetings @adonm,

Thanks for your answer. Has this solution been tested? Is BookStack designed to work with a database encrypted by a third-party application? 😃

@kilian-goetz commented on GitHub (Oct 2, 2025): Greetings @adonm, Thanks for your answer. Has this solution been tested? Is BookStack designed to work with a database encrypted by a third-party application? 😃

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#5422