A secure, full-stack document management platform built for hospitals, law firms, and enterprise teams.
VaultDocs provides two lanes:
- Personal — individual document storage (3GB free, 50 docs)
- Professional — multi-tenant org builder with department tree, RBAC, and compliance tools
Backend
- Python + Flask (factory pattern)
- PostgreSQL + SQLAlchemy ORM
- Flask-JWT-Extended (httpOnly cookies)
- Flask-Limiter, Flask-WTF, Flask-Talisman
- Marshmallow validation
- pytest (TDD)
Frontend
- Jinja2 + HTMX
- Tailwind CSS
- Vanilla JS (upload, tree, search, auth, drag-drop)
Infrastructure (Phase 3)
- Azure App Service
- Azure Blob Storage
- Azure SQL Database
- Azure Key Vault
- Azure WAF
- 🔐 JWT authentication with httpOnly cookies
- 🏢 Multi-tenant organization builder
- 🌳 Adjacency list department tree (recursive CTE)
- 📁 Document upload, download, delete
- 👥 RBAC (Owner, Admin, Editor, Reader)
- 📋 Audit logs (append-only)
- 💳 Stripe billing with 3-day trial
- 📦 Bulk import via Excel (Enterprise)
- 🔒 HIPAA/CCPA compliance modes
- 🤖 Azure AI OCR (Phase 4)
vaultdocs/ ├── app/ │ ├── blueprints/ │ │ ├── auth/ # Login, logout, MFA │ │ ├── documents/ # Upload, download, delete │ │ ├── nodes/ # Org tree CRUD │ │ ├── tenants/ # Organization management │ │ ├── files/ # File serving │ │ └── web/ # Jinja2 web routes │ ├── models/ # SQLAlchemy models │ ├── services/ # Business logic │ ├── templates/ # Jinja2 HTML templates │ └── static/ # CSS, JS assets ├── tests/ │ ├── unit/ │ └── integration/ ├── migrations/ # Alembic migrations └── docs/ # SDD, specs, decisions
| Phase | Goal | Status |
|---|---|---|
| 1 | Local MVP — auth, org tree, document upload | 🔨 In Progress |
| 2 | Search, RBAC, sharing, audit log UI | ⏳ Planned |
| 3 | Azure migration — Blob, SQL, App Service, WAF | ⏳ Planned |
| 4 | AI OCR, Stripe billing, bulk import | ⏳ Planned |
| 5 | React Native mobile app | ⏳ Planned |
- Python 3.12+
- PostgreSQL
- pip
# Clone the repo
git clone https://github.com/renilsonjr/vaultdocs.git
cd vaultdocs
# Create virtual environment
python -m venv .venv
source .venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Copy environment variables
cp .env.example .env
# Edit .env with your values
# Run database migrations
flask db upgrade
# Start the server
flask run --port 5001SECRET_KEY= JWT_SECRET_KEY= DATABASE_URL= STRIPE_SECRET_KEY= STRIPE_PUBLISHABLE_KEY= STRIPE_WEBHOOK_SECRET= STRIPE_PRICE_ID= STORAGE_BACKEND=local STORAGE_BASE_PATH=/tmp/vaultdocs-uploads
pytest tests/ -v- JWT tokens stored in httpOnly, SameSite=Lax cookies
- CSRF protection on all forms
- Rate limiting (5 login attempts/min)
- Marshmallow input validation
- SQLAlchemy parameterized queries
- Soft delete + audit logs
- Bandit + Semgrep SAST (Phase 1)
- OWASP ZAP DAST (Phase 2)
- Burp Suite pen test (Phase 3)
Renilson Rodrigues Jr.
- GitHub: @renilsonjr
- LinkedIn: linkedin.com/in/renilsonjr
Built as a portfolio project demonstrating full-stack Python development, security engineering, and cloud architecture.