I have a legacy application used to read sensitive data from a file and process it. I now have the requirement that the file containing the sensitive data must be encrypted. But my legacy application cannot be modified. So it has to use a file that is in clear. I have two additional security requirements saying that:

1. the file with the data in clear can not be stored in clear on the file server.-> in memory only
2. An admin must not be able to read the file in memory

I am left with a script that would decrypt the file, store the decrypted file in memory, and pass the memory file to the legacy application, provided the legacy application see it as a file (It means that I must mount the memory file server)

This must run on Linux. I could potentially use tmpfs on Linux but it has the drawback that an admin could access the file while it is being processed.

So I was thinking about implementing a FUSE server which would decrypt the file when it is ready by the legacy application, and serve the file to the application in memory.

I am wondering if there are other options to achieve it?

A simple one could be based on tmpfs, but I am afraid it cannot be accepted as the admin count have access to the temporary file server. Would it be possible to isolate the admin from this process?

I am wondering if a tool like Apache commons virtual file server could be used to mount a drive in memory. Or do you know other products which would provide this capability? I have found several in memory file server, but they are language dependant (like Java, python, ...) and can be used from java, python program only.

Any other idea?