Document Archive System - Revision-Safe Document Management

Secure Archive Solution with WORM Principle and Compliance Features

2025-2026 Customer Project

Project Description

This project implements a secure, revision-safe document archive system similar to DocuWare or Kendox. The system ensures document integrity through SHA-256 hashing, provides immutable versioning where every change creates a new version, and offers comprehensive audit logging of all actions. Key features include WORM (Write Once Read Many) storage, AES-256-CBC encryption at rest, legal hold capability, configurable retention policies, and role-based access control at document level. Files are stored with UUID-based filenames to prevent manipulation, and the system supports both local and S3/MinIO storage backends.

Key Features

WORM Storage

Write Once Read Many principle prevents document modification after archiving

AES-256 Encryption

At-rest encryption for all stored archive files using Laravel encryption

Immutable Versioning

Every change creates a new version, original versions are never overwritten

Comprehensive Audit Logging

All actions including views, downloads, and access changes are logged with IP and user agent

Retention Policies

Configurable retention periods with automatic WORM lock and deletion rules

Document-Level Access Control

Role-based access with view, download, and full permissions per document

Technology Stack

Backend Framework

Laravel 11
PHP 8.2+
MySQL

Security

SHA-256 Hashing
AES-256-CBC
WORM Compliance

Frontend

Livewire
Alpine.js
Bootstrap

Storage

Local Filesystem
S3/MinIO
UUID Filenames

Workflow

  1. Document Upload: User uploads document with metadata and index fields
  2. Hash Calculation: SHA-256 hash is calculated for integrity verification
  3. Encryption: Document is encrypted with AES-256-CBC before storage
  4. UUID Storage: File is stored with UUID filename in year/month directory structure
  5. Version Creation: Initial version record is created with hash and metadata
  6. Archive Number: Unique archive number is generated (e.g., ARC-2026-000001)
  7. Audit Logging: All actions are logged including IP address and user agent
  8. Access Control: Role-based permissions control who can view, download, or manage
  9. Integrity Verification: Hash verification ensures document integrity over time
  10. Legal Hold: Documents can be placed on legal hold to prevent any deletion