A system and method provide for shared access to a database in a semi-trusted platform. In the method, for each of a set of users, provision is made for regenerating a respective user key, based on a respective predefined user input, such as a hashed password. One or more of the users is authorized to have access to an encrypted database. For each of these, the method includes encrypting a key for the encrypted database with the respective user's user key to generate an encrypted database key. During a user session, one of the authorized users is provided with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key. The database key and each user's user key are not stored on the platform and are thus inaccessible to platform administrators and unauthorized users between user sessions.