encryption – designing a secure/encrypted file storage for a multi-tenant saas app with local and cloud storage in mind


as the title suggest, I need to handle the tenant files in a multi-tenant saas app. fairly common scenario I believe and should have been solved by the gurus already.

right now the app is in infancy and does not have many clients. it may become popular, or it may eventually prove to be a total failure.

so by following the rule of keeping it simple and create something only when we need it, I went with a very basic LocalFileStorage application service.

This service takes the file and the tenant ID, and saves everything into a local data dir that looks something like this

// dir structure = /data/{tenant-id}/{file-type}/{file-name}

/data/tenant-1/profile-images/123.jpg
/data/tenant-2/invoices/123.pdf
/data/tenant-3/purchase-receipts/123.doc
/data/tenant-3/travel-docs/123.xslx

and I believe the same dir structure can be migrated easily to a cloud like AWS or Google, if someday the need arises.

but there are few design decisions where I am a little bit stuck and need your expert advice.

  • the dir structure hierarchy, is it alright? keeping everything under a tenant ID to make sure all files of a single tenant are always together? I was told by a DDD/micro-service fan that instead of dir-per-user, I should be making the service name (like invoice) to be the top dir and then use tenant Id, (/data/invoices/tenant-3/) because at anytime, contexts have the highest priority to create the boundaries in ddd.
    question is, does it even matter where and how the files are stored as long as everything is tucked away behind a handler service?

  • the real question is, how to secure the files so that none (including the sys admins) can read or open them, and only the logged in person can get to see and read the actual file. obviously encrypting the files before storing them and then decrypting on the fly when serving the client sounds like the right option but I have a feeling that if I will do it myself, it is gonna bite back. what are the options for such a task in linux based system?