Conditional Role-Based Access Control (CRBAC) is an advanced access control system that extends traditional Role-Based Access Control (RBAC) by introducing dynamic conditions that determine access rights.
CRBAC is particularly useful for businesses that need to comply with various privacy laws, such as:
DPDPA (India’s Digital Personal Data Protection Act)
FERPA (Family Educational Rights and Privacy Act in the USA), which governs student education records
GDPR (General Data Protection Regulation in the EU)
How Databunker Works When sensitive data enters your system, Databunker instantly encrypts, tokenizes, and stores it in a secure vault. You get back a safe token to store anywhere — even in public databases.
You can run Databunker in the cloud or on-premises, you can enable your enterprise customers to self-host their PII vault in any region, which solves PII export restrictions and reduces compliance risk.
Only authorized requests can retrieve the original data. Even if your application database is breached, attackers get meaningless tokens.
Databunker Pro End-User License Agreement (EULA)
Last Updated: October 30, 2024
This End-User License Agreement (“EULA”) is a legal agreement between you (“Licensee” or “you”) and Stremovsky, an Israel-based company or its subsidiary companies (“Licensor” or “we”), governing the use of the Databunker Pro software product (“Software”).
By purchasing and using the Software, you agree to the terms of this EULA. If you do not agree, do not purchase or use the Software.
Databunker Pro SDKs & API Clients With the help of popular AI tools like Cursor.AI, you can integrate the Databunker Pro API in just minutes.
Available SDKs JavaScript / TypeScript: GitHub Java: GitHub PHP: GitHub Python: GitHub API Resources Official Repository: GitHub OpenAPI Specification: openapi.yaml Online Documentation: Docs Try the API in a Sandbox Explore how Databunker Pro works with ready-to-use examples, running against a real API server:
Secure user profile storage Credit card and PCI tokenization Consent storage and management
Encryption key rotation is a critical process in Databunker Pro to maintain the confidentiality and integrity of sensitive data. The Wrapping Key, which encrypts the Master Key, is rotated periodically as part of this process to enhance security.
What is the Master Key? The Master Key is the core encryption key used to protect sensitive data. It is never exposed and is encrypted using a Wrapping Key for additional security.
Databunker Pro features two tokenization engines. The original open-source version supported only tokenization for PII, PHI, and KYC records. The professional version adds a new secure format-preserving tokenization engine.
For instance, Databunker Pro can now tokenize credit card numbers. Unlike other solutions on the market, Databunker Pro was built with the latest data privacy requirements in mind, such as data minimization.
The product was built to handle millions of data tokenization requests, and the Databunker Pro API has been extended to support bulk tokenization requests.
📥 Clone Databunker Pro Setup Repository All installation scripts and configuration files are available in our public GitHub repository:
🔗 https://github.com/securitybunker/databunkerpro-setup
To get started, clone this public repository:
1 2 git clone https://github.com/securitybunker/databunkerpro-setup.git cd databunkerpro-setup This repository contains:
Helm charts for Kubernetes deployment Docker Compose configurations for both MySQL and PostgreSQL Setup scripts for generating initial credentials and keys Production-ready configurations with external database support 🐳 Deploy Databunker Pro via Docker Compose 1. Choose Your Database After cloning the repository, navigate to the appropriate directory:
The Master Key is a critical component of Databunker Pro’s security architecture. It serves as the primary encryption key for protecting sensitive data stored within the system.
Key Points: The Master Key is automatically generated during the initial setup of Databunker Pro. Unlike the open-source version, the Master Key is never exposed in the Pro Version. The Master Key is encrypted using a Wrapping Key, adding an extra layer of security. Enhanced Security in Pro Version: In Databunker Pro, the Master Key’s security is significantly strengthened compared to the open-source version:
Databunker Pro supports multi-tenancy, allowing you to manage multiple tenants within a single instance. This document outlines the API endpoints for creating, managing, and interacting with tenants.
Create Tenant Creates a new tenant in the Databunker Pro system.
1 2 curl -H 'X-Bunker-Token: ROOT-ACCESS-TOKEN' -X POST /v2/TenantCreate \ --data '{"tenantorg":"testorg","tenantname":"testname"}' Request Body Field Type Description name string The name of the tenant. Must match the format: [a-z0-9]+ org string The organization slug associated with the tenant Response Field Type Description status string Operation status (“ok” if successful) xtoken string Tenant access token in UUID format Example Response 1 2 3 4 { "status": "ok", "xtoken": "TENANT-ACCESS-TOKEN" } Notes The TENANT-ACCESS-TOKEN is a special token to authenticate all tenant related commands. For example create user records. Create a Tenant User Account You have two methods to specify the tenant name: you can either use the X-Bunker-Tenant HTTP header or include the tenant name in the hostname. If the X-Bunker-Tenant header is missing, Databunker Pro will attempt to retrieve the tenant name from the subdomain in the hostname. If neither option is available, a default tenant is used.
In today’s data-driven world, protecting personally identifiable information (PII) isn’t just a compliance requirement—it’s a business imperative. Databunker Pro’s PII Vault provides enterprise-grade secure storage and tokenization for sensitive personal data, enabling organizations to build privacy-by-design solutions while maintaining operational efficiency.
When sensitive data enters your system, Databunker instantly encrypts, tokenizes, and stores it in a secure vault. You get back a safe token to store anywhere — even in public databases.