Best Practices

Tips and best practices for using vaults

Pro Tips

Organizing Your Vaults

One vault per case/matter:

# Create vault for each case
curl -X POST https://api.case.dev/vault \
  -H "Authorization: Bearer sk_case_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Case 2024-1234: Smith v. Hospital",
    "description": "Medical malpractice - surgical negligence"
  }'

Or one vault per document type:

# Separate vaults for different document types
curl -X POST https://api.case.dev/vault -H "..." -d '{"name":"All Depositions 2024"}'
curl -X POST https://api.case.dev/vault -H "..." -d '{"name":"Medical Records Repository"}'
curl -X POST https://api.case.dev/vault -H "..." -d '{"name":"Discovery Documents Archive"}'

Using Metadata Effectively

Add rich metadata to make documents findable:

{
  "filename": "deposition-johnson.pdf",
  "contentType": "application/pdf",
  "metadata": {
    "case_id": "2024-1234",
    "case_name": "Smith v. Memorial Hospital",
    "document_type": "deposition",
    "witness_name": "Dr. Sarah Johnson",
    "witness_role": "defendant_expert",
    "deposition_date": "2024-11-04",
    "page_count": 150,
    "topics": ["post_operative_care", "monitoring_protocol", "standard_of_care"],
    "attorney": "Jane Doe",
    "firm": "Legal Associates LLP"
  }
}

Later you can filter searches:

{
  "query": "standard of care violations",
  "filters": {
    "metadata.witness_role": "defendant_expert",
    "metadata.topics": "post_operative_care"
  }
}

Bulk Upload Pattern

#!/bin/bash
VAULT_ID="sytp1b5f5j1yuj7uffzzxgw6"

# Upload multiple documents
for FILE in discovery/*.pdf; do
  FILENAME=$(basename "$FILE")

  echo "Uploading $FILENAME..."

  # Get upload URL
  RESPONSE=$(curl -s -X POST https://api.case.dev/vault/$VAULT_ID/upload \
    -H "Authorization: Bearer sk_case_..." \
    -H "Content-Type: application/json" \
    -d "{
      \"filename\": \"$FILENAME\",
      \"contentType\": \"application/pdf\"
    }")

  UPLOAD_URL=$(echo $RESPONSE | jq -r '.uploadUrl')
  OBJECT_ID=$(echo $RESPONSE | jq -r '.objectId')

  # Upload file
  curl -X PUT "$UPLOAD_URL" \
    -H "Content-Type: application/pdf" \
    --data-binary "@$FILE"

  # Trigger ingestion
  curl -s -X POST https://api.case.dev/vault/$VAULT_ID/ingest/$OBJECT_ID \
    -H "Authorization: Bearer sk_case_..." > /dev/null

  echo "✓ $FILENAME uploaded (ID: $OBJECT_ID)"
done

echo "All files uploaded and ingestion started!"

Security & Encryption

How Your Documents Are Protected

  1. Encryption at rest:
    • All S3 buckets use AWS KMS encryption
    • Your KMS key (if provided) or AWS managed keys
    • Data encrypted before writing to disk
  2. Encryption in transit:
    • All API calls use HTTPS/TLS 1.3
    • Presigned URLs are time-limited (1 hour)
    • No permanent public access
  3. Access control:
    • API key required for all operations
    • Vaults scoped to your organization
    • Can't access other orgs' vaults
  4. Isolation:
    • Each vault has separate S3 buckets
    • No data leakage between vaults
    • Vector indexes are vault-specific

Best Practices

  1. Use your own KMS keys for sensitive data
  2. Rotate API keys regularly
  3. Use presigned URLs for temporary access
  4. Add metadata to track document sensitivity
  5. Audit vault access via usage logs

Best Practices

Vault Organization

Good:

✓ One vault per case/matter
✓ Clear, descriptive names
✓ Include case numbers in vault name

Bad:

✗ One giant vault for everything
✗ Generic names like "Documents"
✗ No organization

Metadata Strategy

Always include:

  • Case/matter ID: Link documents to cases
  • Document type: deposition, medical_record, contract, etc.
  • Dates: Creation, incident, filing dates
  • Parties: Plaintiff, defendant, witnesses
  • Topics/tags: Key subjects for filtering

Example:

{
  "metadata": {
    "case_id": "2024-1234",
    "case_name": "Smith v. Hospital",
    "document_type": "medical_record",
    "patient": "Jane Smith",
    "facility": "Memorial Hospital",
    "specialty": "cardiology",
    "incident_date": "2024-03-15",
    "record_date_range": "2020-2024",
    "page_count": 350,
    "tags": ["surgery", "post_op", "complications"]
  }
}

Upload + Ingest Pattern

Always ingest after uploading to make documents searchable:

# 1. Get upload URL
UPLOAD=$(curl -X POST https://api.case.dev/vault/$VAULT_ID/upload \
  -H "Authorization: Bearer sk_case_..." \
  -H "Content-Type: application/json" \
  -d '{"filename":"doc.pdf","contentType":"application/pdf"}')

UPLOAD_URL=$(echo $UPLOAD | jq -r '.uploadUrl')
OBJECT_ID=$(echo $UPLOAD | jq -r '.objectId')

# 2. Upload file
curl -X PUT "$UPLOAD_URL" \
  -H "Content-Type: application/pdf" \
  --data-binary "@doc.pdf"

# 3. Trigger ingestion (DO THIS!)
curl -X POST https://api.case.dev/vault/$VAULT_ID/ingest/$OBJECT_ID \
  -H "Authorization: Bearer sk_case_..."

# Without step 3, document is stored but NOT searchable!
Architecture
Technical architecture and costs
Examples
Real-world vault usage examples