Secure Sensitive Data with Private File Storage - Migrating Public Files to Private

Summary

Storing sensitive information as public files in your Xano database can pose security risks, as anyone with the file URL can access it indefinitely. To address this concern, Xano provides a private file storage feature that allows you to generate signed, time-expiring URLs for your files, giving you better control over who can access them and when.

In this guide, we'll walk you through the process of migrating your existing public files to private storage using a function stack. We'll also demonstrate how to generate signed URLs for your migrated files, ensuring secure access to your sensitive data.

Step 1: Create a Private Files Field

Before we begin, make sure you have a separate private files field in your database table. This field is required for storing the metadata of your private files. When adding a storage field to your database, choose the "private file" option, as this choice cannot be changed later.

Step 2: Set Up the Function Stack

  1. In your Xano workspace, create a new function stack.
  2. Add a query function to retrieve all the records from your database table that contain public files.
  3. Use a for each loop to iterate through the query results.
  4. Inside the loop, create a file resource by providing the file name and file data from the public files field.
  5. Generate new metadata for the private file by setting the `access` field to `private`. This tells Xano not to generate a public URL.
  6. Edit the database record by clearing the public files field and adding the new private file metadata to the private files field.
  7. Delete the public file from your Xano files library using the `delete file` function.

Step 3: Run the Function Stack

After setting up the function stack, run it to migrate all your public files to private storage. Once completed, you can verify the migration by checking your database table and the private files section in your Xano files library.

Step 4: Generate Signed URLs

To access your migrated private files, you need to generate signed, time-expiring URLs. Here's how:

  1. Create a new function stack or modify an existing one.
  2. Get a single record from your database table containing the private file you want to access.
  3. Use the `private file sign URL` function to generate a signed URL for the file.
  4. Set the `TTL` (Time to Live) parameter to specify the duration (in seconds) for which the URL will be valid.
  5. Return the generated URL in the function stack's result.

Now, you can use this signed URL to access your private file within the specified time window. After the URL expires, attempting to access the file will result in an error message.
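
To show why a signed URL stops working once its TTL has passed and cannot be extended by editing it, the following added example (not part of the original guide, and not Xano's actual signing scheme) implements the general HMAC-based technique. The signing key, the file path and the `expires` and `sig` parameter names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key (assumption); a real service keeps its key server-side only.
SIGNING_KEY = b"demo-key-not-a-real-secret"


def sign_url(path, ttl, now=None):
    """Return path plus an expiry timestamp (now + ttl seconds) and an HMAC over both."""
    expires = int(now if now is not None else time.time()) + ttl
    msg = f"{path}\n{expires}".encode()
    sig = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    return f"{path}?{urlencode({'expires': expires, 'sig': sig})}"


def check_url(url, now=None):
    """Return 'ok', 'expired' or 'bad signature' for a signed URL."""
    parts = urlparse(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return "bad signature"
    msg = f"{parts.path}\n{expires}".encode()
    expected = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    # Verify the signature before trusting the expiry, in constant time.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "bad signature"
    current = now if now is not None else time.time()
    return "ok" if current < expires else "expired"


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed issue time
    url = sign_url("/vault/report.pdf", ttl=300, now=issued)
    print(check_url(url, now=issued + 60))   # inside the TTL
    print(check_url(url, now=issued + 301))  # after the TTL
    # Editing the expiry by hand invalidates the signature.
    edited = url.replace("expires=1700000300", "expires=1700009000")
    print(check_url(edited, now=issued + 301))
```

Because the expiry is covered by the signature, a leaked link is only useful until the TTL runs out, so choose the shortest TTL that still fits the use case.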

By following these steps, you can enhance the security of your sensitive data stored in Xano by migrating public files to private storage and generating time-limited access URLs. This approach ensures that your files are only accessible when necessary, reducing the risk of unauthorized access.

This transcript was AI generated to allow users to quickly answer technical questions about Xano.
