These documents are stored in database without encryption and anyone with access to server could read it!
I don't know what degree of access have those guys you don't want to access your data. But you should understand that if they can gain access to your secret keys than they can gain access to your documents anyway.
Probably I'm making possibly wrong assumption that your code which decrypts documents will run on same server.
If it is so then I'll ask just a couple of questions. Where are your secret keys going to be stored? On same server? If it is going to be entered each time documents are being decrypted will those bad guys be able to modify your scripts to steal your secret keys?
--
Ilya Martynov
(http://martynov.org/)