Encrypt Attachments
Neil Emery
Please provide the ability to encrypt attachments. We have encryption at rest turned on, but were informed that it only encrypts the data within our environment, not the attachments. We are unable to use the attachment feature, for compliance reasons, until we have assurance the attachments are encrypted.
Log In
Kristen Connolly
Also don't make all attachments public-facing!!! FYI - we just discovered that all attachments in ClickUp are public--facing, (e.g. when they are an attachment to an email to a support@ address that becomes a ClickUp Task, or when you email out from within a Task and someone replies and includes an attachment). Because it is really relevant to how our team hopes to use threaded emails, I wanted to share it with the folks on this Feature Request. See https://clickup.canny.io/feature-requests/p/dont-make-attachments-available-externally-via-url-unless-specifically-set for more info, in case you also find it relevant.
Brent
Kristen Connolly thanks for calling this out and for sharing the link.
We recently launched a Private Attachment Links setting that allows Workspace admins to require login to access attachment links. This means attachments shared via link will no longer be publicly accessible if that setting is enabled. More details can be found in the pinned comment within the post that you linked!
Kristiina Unnuk
Brent I just tested out the Private Attachment feature and see that the attachment is still accessible if you have a ClickUp session ongoing, even for people who have NO ACCESS TO THE WORKSPACE, SPACE, FOLDER OR LIST. This is absurd and does not at ALL solve the issue.