Is storing encrypted files on IPFS good enough?


Smart Vault, an alternative for storing confidential DApp files.

Blockchain transparency is great, but for many use cases involving user data, privacy and confidentiality are essential.

When building any application regardless of its centralized or decentralized nature, sooner or later you will need to persist user data.

It has become a popular method for projects to encrypt and store sensitive data publicly on IPFS — essentially making the encrypted data available to everyone! Don’t take me wrong, encryption is definitely important. However, wouldn’t it be more secure if the encrypted data is only accessible to authorized parties?

Is there another way?

Smart Vault

A permissioned IPFS protocol connected to the blockchain.

Data is accessed on a need-to-know basis and can be erased forever. Access is controlled by programmable smart contracts that contain an Access Control List (ACL). This offers transparent, public and verifiable access without a central controller. Control is always in the hands of the data owner, smart contract author, which means it is GDPR compliant by default.

How does it work?

Let me walk you through an example for a potential Decentralized Google Drive Application where two users (peers) share a confidential document between each other.

#1, Alice stores a confidential document in her Smart Vault

  • an ACL smart contract is deployed on the blockchain
  • the document is added to a permission-enhanced IPFS storage
  • the IPFS Merkle DAGs are linked to the ACL smart contract
  • a public shareable document reference, Metadata file, and its hash, is generated

#2, Alice would like to share the document with her colleague Bob, so she grants him a read access using the ACL smart contract

  • Alice shares the document reference (the hash of the Metadata) with Bob

#3, Bob attempts to fetch and open the document

  • Bob’s Smart Vault performs a read request to all peers
  • IPFS protocol resolves the peer holding the document, Alice’s node
  • Alice’s Smart Vault performs an authorization check against the confidential document’s ACL before distributing the content
  • Bob has been granted access, therefore, the authorization succeeds
  • Alice’s Smart Vault sends the document to Bob
  • Bob opens the document

#4, The document is now stored in two decentralized Smart Vaults, protected with the same ACL

Adding a file

For code lovers, this is how the internals look like in action:

Adding a file to SmartVault
Adding a file to Smart Vault

How can your project start using Smart Vault today?

In order to allow developers to focus only on what really matters, the DApp business logic, we abstracted all the technical storage details into a developer-friendly SDK, Leth.

Depending on your project needs, Leth allows you to interact with the Smart Vault in multiple ways. Import Leth as a Go library. Execute CLI commands or perform HTTP communication.

Need a front-end integration? Use the Leth JS SDK for wrapping the HTTP calls and directly signing ACL transactions on the client side (browser/mobile) and broadcasting them to blockchain using the smart contract ABI and web3.js library.

HTTP Usage Example

curl -X POST \
http://localhost:9091/storage/add \
-H 'Content-Type: multipart/form-data' \
-F owner=0xa92e3705e6d70cb45782bf055e41813060e4ce07 \
-F password=$PWD \
-F file="@/tmp/secret_file.txt"


CLI Usage Example

leth storage add --nodeid=1 --network=mainnet --owner=0xa92e3705e6d70cb45782bf055e41813060e4ce07 \

Full List Of Available Commands

Leth CLI Docs

Smart Vault is at the moment in alpha stage with many more requested features are on the way!

Let me summarize

Do I have to use Lightstreams blockchain to use Smart Vault?

You can also connect it with Ethereum.

Is Smart Vault cloud storage?
As IFPS, Smart Vault is NOT cloud storage. It is peer-to-peer storage. Files are distributed to other devices when they are requested. With our modified version of IPFS, the files are only shared with authorized computers. In an ideal decentralized world, every user is running its own Smart Vault node.

Can new authorized users access the file after the original owner goes offline?

Yes, as long as at least one authorized user who already has the content is online. If multiple content holders are online, the content will be seeded from all the peers simultaneously for the best performance in a torrent like style powered by IPFS Bitswap protocol.

What else can I do with Smart Vault?

Ecommerce. A few weeks ago we published documentation on how projects can build applications to sell digital content and how users can buy the content without any intermediary! Peer-to-Peer E-commerce Tutorial.

I have a few more questions, who can I ask and where?

First of all, thank you for your interest! Drop a comment below, join our Telegram group or DM me on LinkedIn.


Smart Vault is a developer-friendly, programmable storage for decentralized applications. Let your users own and control their data.

Is storing encrypted files on IPFS good enough? was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.