jaiyan-th/Secure-Digital-Document-Vault

Secure Digital Document Vault 🔒

A zero-trust encrypted document vault with AES-256-GCM encryption, role-based access, and comprehensive audit logging.

🚀 Key Features

  • Zero-Knowledge Encryption: Files are encrypted with AES-256-GCM before storage.
  • Mandatory Password Protection: User-defined passwords add an extra security layer.
  • Secure Uploads: Chunked processing, MIME-type validation, and malware-resistant storage.
  • Role-Based Access: Strict ownership controls (users can only access their own files).
  • Audit Logging: Immutable logs for every access, upload, download, and modification.
  • Device Trust: Track and manage trusted devices.

🛠️ Technology Stack

  • Backend: Python, FastAPI, SQLAlchemy
  • Database: SQLite (Local), PostgreSQL (Production compatible)
  • Security: Argon2 (Hashing), Cryptography (AES-GCM), PyJWT
  • Frontend: HTML5, CSS3, JavaScript (Vanilla)

📦 Setup & Run Locally

  1. Clone the repository:

    git clone https://github.com/your-username/secure-vault.git
    cd secure-vault

  2. Create Virtual Environment:

    python -m venv venv
    # Windows:
    .\venv\Scripts\activate
    # Mac/Linux:
    source venv/bin/activate

  3. Install Dependencies:

    pip install -r requirements.txt

  4. Configure Environment: Copy .env.example to .env:

    cp .env.example .env

    Modify .env values as needed (e.g., SECRET_KEY).

  5. Run the Server:

    python -m uvicorn app.main:app --host 0.0.0.0 --port 8000 --reload

  6. Access the App: Open http://localhost:8000

☁️ Deployment Notes (Vercel / Serverless)

Important: This application uses SQLite (a file-based database) and Local File Storage (uploaded_files/) by default.

Serverless platforms like Vercel have read-only filesystems. To deploy on Vercel, you MUST configure external services:

  1. Database: Use an external PostgreSQL provider (e.g., Neon, Supabase, Render).
    • Update DATABASE_URL in .env.
  2. File Storage: Use S3-compatible object storage (e.g., AWS S3, Cloudflare R2).
    • Code modifications are required to replace local file operations with S3 API calls.

Recommended for Demo: Deploy on Render or Railway (using persistent disk) if you wish to keep the SQLite architecture.

🛡️ Security Architecture

  1. Encryption: AES-256-GCM with unique IV/Salt per file.
  2. Key Derivation: Argon2id for password hashing and key generation.
  3. Transport: Enforce HTTPS in production.
  4. No Plaintext: Server never stores user passwords or unencrypted file content.
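
The scheme in items 1 and 2 above, sketched as an added example (not code from this repository): an Argon2id-derived AES-256-GCM key with a fresh salt and nonce per file. It assumes the `argon2-cffi` and `cryptography` packages; the function names, blob layout, cost parameters and the use of the owner id as associated data are assumptions made for illustration.

```python
import os
from argon2.low_level import Type, hash_secret_raw
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN, NONCE_LEN, KEY_LEN, TAG_LEN = 16, 12, 32, 16  # 32-byte key selects AES-256

def derive_key(password: str, salt: bytes) -> bytes:
    """Argon2id key derivation; cost parameters here are illustrative assumptions."""
    return hash_secret_raw(
        secret=password.encode("utf-8"), salt=salt,
        time_cost=3, memory_cost=64 * 1024, parallelism=4,  # memory_cost is in KiB
        hash_len=KEY_LEN, type=Type.ID,
    )

def encrypt_file(plaintext: bytes, password: str, owner_id: str) -> bytes:
    """Return salt || nonce || ciphertext+tag with a fresh salt and nonce per file."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    key = derive_key(password, salt)
    # Owner id as associated data (assumption): a blob moved to another
    # user's record fails authentication instead of decrypting.
    return salt + nonce + AESGCM(key).encrypt(nonce, plaintext, owner_id.encode("utf-8"))

def decrypt_file(blob: bytes, password: str, owner_id: str) -> bytes:
    """Raise ValueError on wrong password, wrong owner, truncation or tampering."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:]
    key = derive_key(password, salt)
    try:
        return AESGCM(key).decrypt(nonce, ciphertext, owner_id.encode("utf-8"))
    except InvalidTag:
        # One generic error: callers cannot tell a bad password from tampering.
        raise ValueError("authentication failed") from None

if __name__ == "__main__":
    # Constructed sample input, not real data.
    blob = encrypt_file(b"quarterly-report contents", "correct horse", "user-1")
    print(len(blob), decrypt_file(blob, "correct horse", "user-1"))
```

Only the salt, nonce and ciphertext are stored, so the key exists in memory only while the password is being processed.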

Built for the Secure Digital Document Vault Project.
