Databunker is an open-source, Go-based tool for secure personal data tokenization and storage. It can be deployed using Docker Compose or a Kubernetes Helm chart and is designed to help developers protect sensitive data such as PII, PHI, and KYC with minimal effort.
💣 The Big Problem with Traditional Database Encryption Traditional database encryption solutions often provide a false sense of security. While they may encrypt data at rest, they leave critical vulnerabilities:
If you intend to integrate Databunker with your existing project, you’ll need to save customer personal records in Databunker. You can use user token, user email, user login, phone number, or a custom index to look for user details stored in Databunker.
Converting a sample project Take a look at the following database schema. Instead of storing user records in the users table, they will be securely stored in Databunker.
Step 1: Starting the Databunker container The easiest way to start using Databunker is by running it as a Docker container. Once the container is running, Databunker opens port 3000 and listens for incoming requests.
To launch Databunker with a DEMO root access key, ideal for local testing and development, use the following command:
1 docker run -p 3000:3000 -d --rm --name databunker securitybunker/databunker demo For detailed installation instructions, please refer to the full installation guide.
Databunker comes with an optional built-in UI interface.
Demo site: https://demo.databunker.org/
User and root user credentials:
User phone: 4444 User code: 4444 Root token: DEMO 👋 Guided tour Curious to see Databunker or Databunker Pro in action?
Book a call today 🚀
Examples Passwordless Login with Databunker: GitHub Repository
Node.js Example with Passport.js, Magic.Link, and Databunker: GitHub Repository
Secure Session Storage for Node.js Apps: Detailed Guide
Node.JS modules @databunker/store from https://github.com/securitybunker/databunker-store
@databunker/session-store from https://github.com/securitybunker/databunker-session-store
Next steps
What is Databunker? Getting started guide Detailed installation guide Databunker online demo
Test 1. Storing one million PII records using AWS EKS & RDS (22.01.2022) For the test we deployed Databunk open-source in AWS cloud using the Terraform and Helm Charts.
During the test only one EKS node was created to run a Databunker container and one virtual server to run MySQL RDS.
Performance results when using t3.xlarge virtual servers We used db.t3.xlarge for the database server and t3.xlarge for the Kubernetes node.
Databunker is a vault for personal records with a twist.
Vault products are well-known. For example Hashicorp Vault, or cloud-based tools like AWS Secret Manager or GCP Secret Manager. These tools store binary secret values in encrypted form. These secret values can be database passwords, user private keys, or API tokens. The vault knows to encrypt the secret value and store it and provide an API for easy access.
Method 1: Quick installation The easiest way to start using Databunker is to deploy it as a standard Docker container with minimal parameters. In this setup, it uses an internal SQLite database to store encrypted records. You can use DEMO as a root token when making API requests Disadvantages:
Utilizes a local SQLite database for storing encrypted records Lack of security; using DEMO as a root access token Not recommended for production use Run the following commands to start Databunker:
Information security’s primary focus is the balanced protection of confidentiality, integrity, and availability of data. We will review Databunker and Databunker Pro security features based on these characteristics.
Databunker and Databunker Pro are built to follow privacy-by-design principles. These principles are an integrated part of the GDPR, CPRA, SOC2 privacy section. Databunker allows you to build privacy by design compliant solutions, and to follow data minimization requirements. When using Databunker, every API request generates an audit trail. Databunker can be used as a consent management system and as a repository for processing operations. It serves as an external storage according to pseudonymization definition and complies with Schrems II cross-border personal data transfer implementation.
Does Databunker work as CRUD for user records? Yes, secure user record CRUD is just a part of Databunker. When saving records in Databunker, it extracts user email, phone, login identity, and custom identity, building a secure hash-based index for quick user record lookup.
Additionally, Databunker provides:
Secure session storage API Temporary shareable identities API Automatic record expiration and removal Compliance with pseudonymization DPO management tool User-accessible UI And many more features How do I search for all orders from a user named John? Databunker supports customer record lookup by login name, email address, phone number, or token value. If you have one of these values, you can fetch customer orders from the orders table.