diff --git a/mastodon/4.3.6/data.yml b/mastodon/4.3.6/data.yml
index 2b490eee1..f61c3aba5 100644
--- a/mastodon/4.3.6/data.yml
+++ b/mastodon/4.3.6/data.yml
@@ -51,6 +51,27 @@ additionalProperties:
       required: true
       rule: paramPort
       type: number
+    - default: ""
+      edit: true
+      envKey: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
+      labelZh: 数据库加密密钥
+      labelEn: Database encryption key
+      required: true
+      type: text
+    - default: ""
+      edit: true
+      envKey: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
+      labelZh: 数据库加密盐
+      labelEn: Database encryption salt
+      required: true
+      type: text
+    - default: ""
+      edit: true
+      envKey: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
+      labelZh: 数据库加密主键
+      labelEn: Database encryption primary key
+      required: true
+      type: text
     - default: "127.0.0.1"
       edit: true
       envKey: DB_HOST
diff --git a/mastodon/4.3.6/scripts/init.sh b/mastodon/4.3.6/scripts/init.sh
index 07fb8c3fe..a0ee2918d 100644
--- a/mastodon/4.3.6/scripts/init.sh
+++ b/mastodon/4.3.6/scripts/init.sh
@@ -9,6 +9,7 @@ if [ -f .env ]; then
   sed -i '/^GLOBAL_ENV_FILE=/d' .env
   echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env
   echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env
+  echo "APP_ENV_FILE=${CURRENT_DIR}/envs/mastodon.env" >> .env
 
   echo "Check Finish."
 
diff --git a/mastodon/4.3.6/scripts/upgrade.sh b/mastodon/4.3.6/scripts/upgrade.sh
index 07fb8c3fe..a0ee2918d 100644
--- a/mastodon/4.3.6/scripts/upgrade.sh
+++ b/mastodon/4.3.6/scripts/upgrade.sh
@@ -9,6 +9,7 @@ if [ -f .env ]; then
   sed -i '/^GLOBAL_ENV_FILE=/d' .env
   echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env
   echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env
+  echo "APP_ENV_FILE=${CURRENT_DIR}/envs/mastodon.env" >> .env
 
   echo "Check Finish."
 
diff --git a/mastodon/README.md b/mastodon/README.md
index 6e854692b..fc07d29c4 100644
--- a/mastodon/README.md
+++ b/mastodon/README.md
@@ -43,6 +43,20 @@ API。这带来了一个拥有众多选择的丰富应用生态系统！
 >
 > PostgreSQL 12+
 
+### 密钥
+
+您必须提供唯一的加密密钥：`ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY` `ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY` `ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT`
+
+您可以通过命令：`bin/rails db:encryption:init` 生成。
+
+您也可以使用终端的 `openssl` 命令生成：
+
+```bash
+echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)"
+echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 32)"
+echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 32)"
+```
+
 ---
 
 ![Ms Studio](https://file.lifebus.top/imgs/ms_blank_001.png)