Encrypting messages when storing in RabbitMQ persistence storage

Question

I'm using RabbitMQ as the message broker for my application and uses persistent storage as the message storage mechanism. Some of the messages I send to RabbitMQ has sensitive data which needs not be stored in plain text. It seems there are two options I can follow to make sure the messages are not stored in RabbitMQ in plain text.

Option 1 - Encrypt the messages before sending them to RabbitMQ so anyway the message content will not be in plain text. This introduces a bottleneck where I'll not be able to let some authorized third party consume my messages because it requires the third party to know the decryption key

Option 2 - Configure RabbitMQ in a way it encrypts and decrypts messages when storing and reading from persistent storage.

I prefer to go with option 2. Following are my questions.

1. Does RabbitMQ store messages in plain text in the persistent storage so anyone who has access to the filesystem and access the files and read the message contents?
2. Can we configure RabbitMQ persistent storage to store data as encrypted?

Answer 1

I believe this answer in the RabbitMQ mailing list addresses your point:

RabbitMQ does not encrypt data at rest. Use a filesystem that offers encryption.