diff --git a/.env.sample b/.env.sample
index ec269df..ad7b275 100644
--- a/.env.sample
+++ b/.env.sample
@@ -5,6 +5,7 @@ VERSION=local
 AUTH_JWT_SECRET=auth_jwt_secret
 
 EXPOSED_PORT=3000
+EXPOSED_FILES_PORT=3125
 
 DB_HOST=db
 DB_REPLICA_HOST=db
@@ -40,3 +41,9 @@ NEW_RELIC_NO_CONFIG_FILE=true
 NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false
 NEW_RELIC_LOG_ENABLED=false
 NEW_RELIC_LOG_LEVEL=info
+
+# File upload path (relative to root directory)
+FILE_UPLOAD_PATH=data/uploads
+
+# File uploads
+VALET_TOKEN_SECRET=change-me-!
diff --git a/.gitignore b/.gitignore
index f737063..530496a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,8 @@ data/import/*.sql
 auth.env
 api-gateway.env
 syncing-server.env
+files.env
+
+# File Uploads
+data/uploads/*
+!data/uploads/.gitkeep
diff --git a/data/uploads/.gitkeep b/data/uploads/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
index 984f6ae..3bb9cbf 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -51,9 +51,11 @@ services:
       PORT: 3000
       AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
       REDIS_URL: '${REDIS_URL}'
+      FILES_SERVER_URL: 'http://localhost:${EXPOSED_FILES_PORT}'
     entrypoint: [
       "./wait-for.sh", "auth", "3000",
       "./wait-for.sh", "syncing-server-js", "3000",
+      "./wait-for.sh", "files", "3000",
       "./docker/entrypoint.sh", "start-web"
     ]
     restart: unless-stopped
@@ -86,6 +88,7 @@ services:
       DB_MIGRATIONS_PATH: '${DB_MIGRATIONS_PATH}'
       REDIS_URL: '${REDIS_URL}'
       AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
+      VALET_TOKEN_SECRET: '${VALET_TOKEN_SECRET}'
     restart: unless-stopped
     networks:
       - standardnotes_standalone
@@ -116,6 +119,27 @@ services:
       DB_MIGRATIONS_PATH: '${DB_MIGRATIONS_PATH}'
       REDIS_URL: '${REDIS_URL}'
       AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
+      VALET_TOKEN_SECRET: '${VALET_TOKEN_SECRET}'
+    restart: unless-stopped
+    networks:
+      - standardnotes_standalone
+
+  files:
+    image: standardnotes/files:1.9.0
+    container_name: files-standalone
+    entrypoint: [
+      "./wait-for.sh", "db", "3306",
+      "./wait-for.sh", "cache", "6379",
+      "./docker/entrypoint.sh", "start-web"
+    ]
+    ports:
+      - ${EXPOSED_FILES_PORT}:3000
+    env_file: docker/files.env
+    environment:
+      FILE_UPLOAD_PATH: '${FILE_UPLOAD_PATH}'
+      VALET_TOKEN_SECRET: '${VALET_TOKEN_SECRET}'
+    volumes:
+      - ./${FILE_UPLOAD_PATH}:/var/www/${FILE_UPLOAD_PATH}
     restart: unless-stopped
     networks:
       - standardnotes_standalone
diff --git a/docker/auth.env.sample b/docker/auth.env.sample
index 2ebdbbe..8a7b2e0 100644
--- a/docker/auth.env.sample
+++ b/docker/auth.env.sample
@@ -29,3 +29,6 @@ EPHEMERAL_SESSION_AGE=259200
 ENCRYPTION_SERVER_KEY=server_key
 
 SYNCING_SERVER_URL=http://syncing-server-js:3000
+
+# File Uploads
+VALET_TOKEN_TTL=7200
diff --git a/docker/files.env.sample b/docker/files.env.sample
new file mode 100644
index 0000000..2fa610d
--- /dev/null
+++ b/docker/files.env.sample
@@ -0,0 +1,17 @@
+LOG_LEVEL=info
+NODE_ENV=production
+VERSION=local
+
+PORT=3000
+
+S3_BUCKET_NAME=
+S3_AWS_REGION=
+SNS_TOPIC_ARN=
+SNS_AWS_REGION=
+
+REDIS_URL=redis://cache
+REDIS_EVENTS_CHANNEL=events
+
+MAX_CHUNK_BYTES=100000000
+
+NEW_RELIC_ENABLED=false
diff --git a/server.sh b/server.sh
index c7af818..c74144f 100755
--- a/server.sh
+++ b/server.sh
@@ -17,6 +17,7 @@ checkConfigFiles() {
   if [ ! -f ".env" ]; then echo "Could not find syncing-server environment file. Please run the './server.sh setup' command and try again." && exit 1; fi
   if [ ! -f "docker/api-gateway.env" ]; then echo "Could not find api-gateway environment file. Please run the './server.sh setup' command and try again." && exit 1; fi
   if [ ! -f "docker/auth.env" ]; then echo "Could not find auth environment file. Please run the './server.sh setup' command and try again." && exit 1; fi
+  if [ ! -f "docker/files.env" ]; then echo "Could not find file service environment file. Please run the './server.sh setup' command and try again." && exit 1; fi
 }
 
 checkForConfigFileChanges() {
@@ -36,6 +37,10 @@ compareLineCount() {
   AUTH_ENV_FILE_SAMPLE_LINES=$(wc -l docker/auth.env.sample | awk '{ print $1 }')
   AUTH_ENV_FILE_LINES=$(wc -l docker/auth.env | awk '{ print $1 }')
   if [ "$AUTH_ENV_FILE_SAMPLE_LINES" -ne "$AUTH_ENV_FILE_LINES" ]; then echo "The docker/auth.env file contains different amount of lines than docker/auth.env.sample. This may be caused by the fact that there is a new environment variable to configure. Please update your environment file and try again." && exit 1; fi
+
+  FILES_ENV_FILE_SAMPLE_LINES=$(wc -l docker/files.env.sample | awk '{ print $1 }')
+  FILES_ENV_FILE_LINES=$(wc -l docker/files.env | awk '{ print $1 }')
+  if [ "$FILES_ENV_FILE_SAMPLE_LINES" -ne "$FILES_ENV_FILE_LINES" ]; then echo "The docker/files.env file contains different amount of lines than docker/files.env.sample. This may be caused by the fact that there is a new environment variable to configure. Please update your environment file and try again." && exit 1; fi
 }
 
 COMMAND=$1 && shift 1
@@ -46,6 +51,7 @@ case "$COMMAND" in
     if [ ! -f ".env" ]; then cp .env.sample .env; fi
     if [ ! -f "docker/api-gateway.env" ]; then cp docker/api-gateway.env.sample docker/api-gateway.env; fi
     if [ ! -f "docker/auth.env" ]; then cp docker/auth.env.sample docker/auth.env; fi
+    if [ ! -f "docker/files.env" ]; then cp docker/files.env.sample docker/files.env; fi
     echo "Default configuration files created as .env and docker/*.env files. Feel free to modify values if needed."
     ;;
   'start' )
@@ -74,6 +80,24 @@ case "$COMMAND" in
     $DOCKER_COMPOSE_COMMAND up -d
     echo "Infrastructure started. Give it a moment to warm up. If you wish please run the './server.sh logs' command to see details."
     ;;
+  'create-subscription' )
+    EMAIL=$1
+    if [[ "$EMAIL" = "" ]]; then
+      echo "Please provide an email for the subscription."
+      exit 1
+    fi
+    shift 1
+
+    $DOCKER_COMPOSE_COMMAND exec db sh -c "MYSQL_PWD=\$MYSQL_ROOT_PASSWORD mysql \$MYSQL_DATABASE -e \
+      'INSERT INTO user_roles (role_uuid , user_uuid) VALUES ((SELECT uuid FROM roles WHERE name=\"PRO_USER\" ORDER BY version DESC limit 1) ,(SELECT uuid FROM users WHERE email=\"$EMAIL\")) ON DUPLICATE KEY UPDATE role_uuid = VALUES(role_uuid);' \
+    "
+
+    $DOCKER_COMPOSE_COMMAND exec db sh -c "MYSQL_PWD=\$MYSQL_ROOT_PASSWORD mysql \$MYSQL_DATABASE -e \
+      'INSERT INTO user_subscriptions SET uuid=UUID(), plan_name=\"PRO_PLAN\", ends_at=8640000000000000, created_at=0, updated_at=0, user_uuid=(SELECT uuid FROM users WHERE email=\"$EMAIL\"), subscription_id=1, subscription_type=\"regular\";' \
+    "
+
+    echo "Subscription successfully created. Please consider donating if you do not plan on purchasing a subscription."
+    ;;
   'stop' )
     echo "Stopping all service"
     $DOCKER_COMPOSE_COMMAND kill