diff --git a/app/models/attestation_template.rb b/app/models/attestation_template.rb
index 829638d5e..0d4e0bb37 100644
--- a/app/models/attestation_template.rb
+++ b/app/models/attestation_template.rb
@@ -3,8 +3,8 @@ class AttestationTemplate < ApplicationRecord
 
   belongs_to :procedure
 
-  mount_uploader :logo, AttestationTemplateImageUploader
-  mount_uploader :signature, AttestationTemplateImageUploader
+  mount_uploader :logo, AttestationTemplateLogoUploader
+  mount_uploader :signature, AttestationTemplateSignatureUploader
 
   validate :logo_signature_file_size
   validates :footer, length: { maximum: 190 }
diff --git a/app/uploaders/attestation_template_image_uploader.rb b/app/uploaders/attestation_template_logo_uploader.rb
similarity index 70%
rename from app/uploaders/attestation_template_image_uploader.rb
rename to app/uploaders/attestation_template_logo_uploader.rb
index 4baa5fe54..6b2f6034d 100644
--- a/app/uploaders/attestation_template_image_uploader.rb
+++ b/app/uploaders/attestation_template_logo_uploader.rb
@@ -1,4 +1,4 @@
-class AttestationTemplateImageUploader < BaseUploader
+class AttestationTemplateLogoUploader < BaseUploader
   def root
     File.join(Rails.root, 'public')
   end
@@ -23,4 +23,16 @@ class AttestationTemplateImageUploader < BaseUploader
   def extension_white_list
     %w(jpg jpeg png)
   end
+
+  def filename
+    if file.present?
+      "attestation-template-logo-#{secure_token}.#{file.extension.downcase}"
+    end
+  end
+
+  private
+
+  def secure_token
+    model.logo_secure_token ||= SecureRandom.uuid
+  end
 end
diff --git a/app/uploaders/attestation_template_signature_uploader.rb b/app/uploaders/attestation_template_signature_uploader.rb
new file mode 100644
index 000000000..a0e415a42
--- /dev/null
+++ b/app/uploaders/attestation_template_signature_uploader.rb
@@ -0,0 +1,38 @@
+class AttestationTemplateSignatureUploader < BaseUploader
+  def root
+    File.join(Rails.root, 'public')
+  end
+
+  # Choose what kind of storage to use for this uploader:
+  if Features.remote_storage
+    storage :fog
+  else
+    storage :file
+  end
+
+  # Override the directory where uploaded files will be stored.
+  # This is a sensible default for uploaders that are meant to be mounted:
+  def store_dir
+    unless Features.remote_storage
+      "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
+    end
+  end
+
+  # Add a white list of extensions which are allowed to be uploaded.
+  # For images you might use something like this:
+  def extension_white_list
+    %w(jpg jpeg png)
+  end
+
+  def filename
+    if file.present?
+      "attestation-template-signature-#{secure_token}.#{file.extension.downcase}"
+    end
+  end
+
+  private
+
+  def secure_token
+    model.signature_secure_token ||= SecureRandom.uuid
+  end
+end
diff --git a/db/migrate/20171019113449_add_logo_secure_token_column_to_attestation_template.rb b/db/migrate/20171019113449_add_logo_secure_token_column_to_attestation_template.rb
new file mode 100644
index 000000000..e1bf8462e
--- /dev/null
+++ b/db/migrate/20171019113449_add_logo_secure_token_column_to_attestation_template.rb
@@ -0,0 +1,5 @@
+class AddLogoSecureTokenColumnToAttestationTemplate < ActiveRecord::Migration[5.0]
+  def change
+    add_column :attestation_templates, :logo_secure_token, :string
+  end
+end
diff --git a/db/migrate/20171019113610_add_signature_secure_token_column_to_attestation_template.rb b/db/migrate/20171019113610_add_signature_secure_token_column_to_attestation_template.rb
new file mode 100644
index 000000000..84a2509f3
--- /dev/null
+++ b/db/migrate/20171019113610_add_signature_secure_token_column_to_attestation_template.rb
@@ -0,0 +1,5 @@
+class AddSignatureSecureTokenColumnToAttestationTemplate < ActiveRecord::Migration[5.0]
+  def change
+    add_column :attestation_templates, :signature_secure_token, :string
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 92b37cf27..48a55012d 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20171019085515) do
+ActiveRecord::Schema.define(version: 20171019113610) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -81,6 +81,8 @@ ActiveRecord::Schema.define(version: 20171019085515) do
     t.datetime "created_at",   null: false
     t.datetime "updated_at",   null: false
     t.integer  "procedure_id"
+    t.string   "logo_secure_token"
+    t.string   "signature_secure_token"
     t.index ["procedure_id"], name: "index_attestation_templates_on_procedure_id", unique: true, using: :btree
   end
 
diff --git a/spec/models/attestation_template_spec.rb b/spec/models/attestation_template_spec.rb
index 210871dc5..dcee5f093 100644
--- a/spec/models/attestation_template_spec.rb
+++ b/spec/models/attestation_template_spec.rb
@@ -2,8 +2,8 @@ describe AttestationTemplate, type: :model do
   describe 'validate' do
     let(:logo_size) { AttestationTemplate::FILE_MAX_SIZE_IN_MB.megabyte }
     let(:signature_size) { AttestationTemplate::FILE_MAX_SIZE_IN_MB.megabyte }
-    let(:fake_logo) { double(AttestationTemplateImageUploader, file: double(size: logo_size)) }
-    let(:fake_signature) { double(AttestationTemplateImageUploader, file: double(size: signature_size)) }
+    let(:fake_logo) { double(AttestationTemplateLogoUploader, file: double(size: logo_size)) }
+    let(:fake_signature) { double(AttestationTemplateSignatureUploader, file: double(size: signature_size)) }
     let(:attestation_template) { AttestationTemplate.new }
 
     before do