Heroku, Strapi, CRA and file upload of users' private files

Could someone kindly advise on how to implement file storage for users’ private files that should not be publicly available? It’s a Heroku hosted, Strapi backend + CRA front.
I’ve read something about encryption when using AWS S3, however, I’m unable to find any additional information on how to implement something like that. Perhaps there is some better alternatives to get this done? Is there perhaps a plugin somewhere which stores the uploaded files directly in a Postgres database, so the file would not leave the Heroku infrastructure?

Hello! Can you please give us the exact need/use-case you have.

You want to keep the current usage of the upload system BUT another system for private file?
Not sure to understand.

Thank you for your details.


Thank you for the reply!

Here’s my use-case:
I’m building a system where users can upload their private files via front-end (CRA) and further process them inside the system (custom-developed logic). I will deploy this CRA + Strapi evironment to Heroku, so it’s impossible to use the local upload provider, as the files will get wiped from the server.

All existing upload providers ensure that files can be uploaded to external cloud storage AWS S3, Cloudinary, Azure, etc., however this makes me allow access to those uploaded files to general public to ensure they can also be opened inside the application, which is not acceptable as all the files are sensitive and confidential, so I have to keep them protected.

I located an upload provider created by community that stores files as blobs in MongoDB, however due to various reasons MongoDB Atlas cannot be used in my app.

I was looking for any alternatives to store my files in PostgreSQL, since Heroku supports this natively and such upload provider might be useful also for other types of applications, where files are not only static images and assets, but where they are a part of business logic.


Sadly I do not have proper way to do that or a clear workaround.

Based on what you said, I think the best way is to investigate the MongoDB provider you talk about.
Make sure to understand how it works. Understand the logic they applied to use permissions to check the file access.
And then create your own PG provider with the same logic but applied to PG.

Here it needs a bit of development.
Documentation about how to create a provider: https://strapi.io/documentation/v3.x/plugins/upload.html#create-providers