diff --git a/continew-admin-common/src/main/java/top/continew/admin/common/config/properties/RsaProperties.java b/continew-admin-common/src/main/java/top/continew/admin/common/config/properties/RsaProperties.java
index 429f5d07..158f62b6 100644
--- a/continew-admin-common/src/main/java/top/continew/admin/common/config/properties/RsaProperties.java
+++ b/continew-admin-common/src/main/java/top/continew/admin/common/config/properties/RsaProperties.java
@@ -31,9 +31,11 @@ public class RsaProperties {
      * 私钥
      */
     public static final String PRIVATE_KEY;
+    public static final String PUBLIC_KEY;
 
     static {
         PRIVATE_KEY = SpringUtil.getProperty("continew-starter.security.crypto.private-key");
+        PUBLIC_KEY = SpringUtil.getProperty("continew-starter.security.crypto.public-key");
     }
 
     private RsaProperties() {
diff --git a/continew-admin-common/src/main/java/top/continew/admin/common/util/SecureUtils.java b/continew-admin-common/src/main/java/top/continew/admin/common/util/SecureUtils.java
index c4a996ee..0ba46587 100644
--- a/continew-admin-common/src/main/java/top/continew/admin/common/util/SecureUtils.java
+++ b/continew-admin-common/src/main/java/top/continew/admin/common/util/SecureUtils.java
@@ -44,6 +44,18 @@ public class SecureUtils {
         return Base64.encode(SecureUtil.rsa(null, publicKey).encrypt(data, KeyType.PublicKey));
     }
 
+    /**
+     * 公钥加密
+     *
+     * @param data 要加密的内容
+     * @return 公钥加密并 Base64 加密后的内容
+     */
+    public static String encryptByRsaPublicKey(String data) {
+        String publicKey = RsaProperties.PUBLIC_KEY;
+        ValidationUtils.throwIfBlank(publicKey, "请配置 RSA 公钥");
+        return encryptByRsaPublicKey(data, publicKey);
+    }
+
     /**
      * 私钥解密
      *
diff --git a/continew-admin-system/src/main/java/top/continew/admin/system/model/resp/StorageResp.java b/continew-admin-system/src/main/java/top/continew/admin/system/model/resp/StorageResp.java
index 8197e593..a2efe7f3 100644
--- a/continew-admin-system/src/main/java/top/continew/admin/system/model/resp/StorageResp.java
+++ b/continew-admin-system/src/main/java/top/continew/admin/system/model/resp/StorageResp.java
@@ -16,7 +16,6 @@
 
 package top.continew.admin.system.model.resp;
 
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 import top.continew.admin.common.enums.DisEnableStatusEnum;
@@ -72,9 +71,14 @@ public class StorageResp extends BaseDetailResp {
      * 私有密钥
      */
     @Schema(description = "私有密钥", example = "")
-    @JsonIgnore
     private String secretKey;
 
+    /**
+     * 私有密钥加密串
+     */
+    @Schema(description = "私有密钥加密串", example = "")
+    private String secretKeyEncrypted;
+
     /**
      * 终端节点
      */
diff --git a/continew-admin-system/src/main/java/top/continew/admin/system/service/impl/StorageServiceImpl.java b/continew-admin-system/src/main/java/top/continew/admin/system/service/impl/StorageServiceImpl.java
index 3d9db066..ef21cfa9 100644
--- a/continew-admin-system/src/main/java/top/continew/admin/system/service/impl/StorageServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/continew/admin/system/service/impl/StorageServiceImpl.java
@@ -28,6 +28,7 @@ import org.dromara.x.file.storage.core.FileStorageServiceBuilder;
 import org.dromara.x.file.storage.core.platform.FileStorage;
 import org.springframework.stereotype.Service;
 import top.continew.admin.common.enums.DisEnableStatusEnum;
+import top.continew.admin.common.util.SecureUtils;
 import top.continew.admin.system.enums.StorageTypeEnum;
 import top.continew.admin.system.mapper.StorageMapper;
 import top.continew.admin.system.model.entity.StorageDO;
@@ -37,6 +38,7 @@ import top.continew.admin.system.model.resp.StorageResp;
 import top.continew.admin.system.service.FileService;
 import top.continew.admin.system.service.StorageService;
 import top.continew.starter.core.constant.StringConstants;
+import top.continew.starter.core.util.ExceptionUtils;
 import top.continew.starter.core.util.URLUtils;
 import top.continew.starter.core.util.validate.CheckUtils;
 import top.continew.starter.core.util.validate.ValidationUtils;
@@ -61,16 +63,37 @@ public class StorageServiceImpl extends BaseServiceImpl<StorageMapper, StorageDO
     @Resource
     private FileService fileService;
 
+    @Override
+    protected void fill(Object obj) {
+        super.fill(obj);
+        if (obj instanceof StorageResp resp && StrUtil.isNotBlank(resp.getSecretKey())) {
+            resp.setSecretKeyEncrypted(SecureUtils.encryptByRsaPublicKey(resp.getSecretKey()));
+            resp.setSecretKey(StrUtil.hide(resp.getSecretKey(), 4, resp.getSecretKey().length() - 3));
+        }
+
+    }
+
     @Override
     protected void beforeAdd(StorageReq req) {
+        decryptSecretKey(req);
         CheckUtils.throwIf(Boolean.TRUE.equals(req.getIsDefault()) && this.isDefaultExists(null), "请先取消原有默认存储");
         String code = req.getCode();
         CheckUtils.throwIf(this.isCodeExists(code, null), "新增失败，[{}] 已存在", code);
         this.load(req);
     }
 
+    private void decryptSecretKey(StorageReq req) {
+        if (!StorageTypeEnum.S3.equals(req.getType())) {
+            return;
+        }
+        String secretKey = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(req.getSecretKey()));
+        ValidationUtils.throwIfNull(secretKey, "密钥解密失败");
+        req.setSecretKey(secretKey);
+    }
+
     @Override
     protected void beforeUpdate(StorageReq req, Long id) {
+        decryptSecretKey(req);
         String code = req.getCode();
         CheckUtils.throwIf(this.isCodeExists(code, id), "修改失败，[{}] 已存在", code);
         DisEnableStatusEnum newStatus = req.getStatus();