Document vault
|
|
| ID |
MOD-073 |
| System |
SD08 |
| Repo |
bank-app |
| Build status |
Deployed |
| Deployed |
Yes |
| Last commit |
c98d4214fd3e613d6a3c873f68551d129ff1a485 |
The document vault is the secure store for all documents associated with a customer's relationship with the bank — identity documents uploaded at onboarding, signed loan contracts, trade finance instruments, KYC refresh evidence, and statements. It provides the customer-facing upload and download interface and the internal storage and retrieval API used by other modules.
All documents are stored encrypted at rest with per-document encryption keys managed by the secrets module. Access is scoped to the owning customer and to bank staff with an active, authorised reason — any staff access is logged with the accessing user's identity, role, and stated reason. Customers can view a list of all documents held about them, fulfilling the subject access right under NZ and AU privacy law.
Statement generation is on-demand: the customer selects an account and date range, and the vault generates a PDF formatted as an official bank statement with a tamper-evident hash. Statements produced are logged and can be verified by third parties (e.g. mortgage lenders) against the hash. Retention schedules are enforced automatically — documents past their mandated retention period are purged without manual intervention.
Module dependencies
Depends on
| Module |
Title |
Required? |
Contract |
Reason |
| MOD-044 |
JWT role-based access control |
Required |
— |
Document access is gated by role-based access control — JWT scope validation determines which documents a caller can retrieve. |
| MOD-045 |
Secrets & key management |
Required |
— |
Documents are stored encrypted using keys managed by the secrets and key management module. |
| MOD-104 |
AWS shared infrastructure bootstrap |
Required |
— |
AWS shared infrastructure provisioned by MOD-104 (EventBridge buses, S3, KMS, Kinesis, Cognito) is required before this module can be deployed. |
| MOD-103 |
Neon database platform bootstrap |
Required |
— |
Neon database and schema provisioned by MOD-103 must exist before this module can read or write Postgres. |
| MOD-049 |
Open banking consent management |
Required |
— |
Consent gate — customer must have PRIVACY_POLICY granted before uploading regulated documents. |
| MOD-052 |
Role-scoped data access |
Required |
— |
Back-office RBAC — enforce() gates operator access to document_metadata by the role's permitted document categories. |
Required by
| Module |
Title |
As |
Contract |
| MOD-118 |
Member equity and share registry |
Hard dependency |
— |
| MOD-124 |
Physical card issuance and bureau integration |
Hard dependency |
— |
| MOD-126 |
Power of attorney and third-party authority |
Hard dependency |
— |
| MOD-131 |
Mutual governance and AGM administration |
Hard dependency |
— |
| MOD-133 |
Trust account management |
Hard dependency |
— |
| MOD-134 |
Community account management |
Hard dependency |
— |
| MOD-138 |
Deceased customer and estate management |
Hard dependency |
— |
Policies satisfied
| Policy |
Title |
Mode |
How |
| PRI-001 |
Privacy Policy |
GATE |
Customer documents are stored with access controls scoped to the owning customer and authorised bank staff only — no cross-customer document access is permitted. |
| PRI-003 |
Personal Information Retention & Destruction Policy |
AUTO |
Documents are retained for the required regulatory period and purged automatically when retention expires — the vault enforces the retention schedule. |
Capabilities satisfied
| Capability |
Title |
Mode |
How |
| CAP-117 |
Document upload & secure storage |
AUTO |
Accepts document uploads from the customer (KYC documents, supporting evidence, signed contracts) and stores them encrypted against the customer record. |
| CAP-118 |
Statement generation & download |
AUTO |
Stores and serves bank statement PDFs generated by MOD-113 via the upload finalize path. MOD-073 does not render the PDF — PDF generation and template rendering are MOD-113's responsibility. |
Part of SD08 — Customer App & Back Office Platform
Compiled 2026-05-22 from source/entities/modules/MOD-073.yaml