Engram's SQLite database (engram.db) contains:

• Memory summaries: Three levels of detail (level_0 atomic summary, level_1 moderate, level_2 full) extracted from conversations by the LLM encoder
• Transcript chunks: Raw conversation text from archive logs, indexed for search
• Entity lists: Named entities extracted from conversations (people, projects, tools)
• Embeddings: Dense vector representations of memories (1536-dim float32)
• Mention records: Links between memories and their source conversation segments
• Cost logs: LLM API usage tracking

• Unencrypted: engram.db is a standard SQLite file with no encryption at rest
• File permissions: Engram sets the DB file to 0600 (owner read/write only) on creation
• Local only: The database is never transmitted over the network. All search happens locally.
• Archive logs: engram-logs/*.log contain cleaned conversation text. Same permission model.

Recommendation: Keep engram.db and engram-logs/ in a directory with restricted permissions. Do not commit them to version control. Add to .gitignore:

engram.db
engram-logs/

Engram has a regex-based secret scanner that runs on every extracted memory:

• Detects: API keys (sk-, key-, token-), passwords, connection strings, PEM blocks, high-entropy strings
• Action: Detected secrets are redacted before storage (replaced with [REDACTED])
• Limitation: This is a backstop, not a guarantee. The LLM encoder could extract sensitive content in forms that don't match the regex patterns.

API keys are resolved in this order:

1. Explicit value in engram.json (not recommended — use env vars)
2. OpenClaw's openclaw.json env block (if present)
3. Environment variables: ANTHROPIC_API_KEY, OPENAI_API_KEY

API keys are never stored in the database. They exist only in memory during process execution.