Databunker: Get Started Now

Product brief

Databunker is a special secure storage system designed to store and protect Personally Identifiable Information (PII), Protected Health Information (PHI), PII, and KYC records. It was built to prevent sensitive data exposure through SQL injection and unfiltered GraphQL queries, offering superior protection compared to standard database encryption provided by major database or cloud vendors. Additionally, the product is fully compliant with GDPR regulations.

Databunker is a fully open-source project available under the commercially friendly MIT license.

The hidden risks of traditional database encryption

From security perspective conventional database encryption often provides only a false sense of security. Data is usually encrypted solely at the storage or disk level. In the event of SQL injection or incorrectly filtered GraphQL queries, malicious actors can effortlessly access your data in plain text.

Solution with Databunker

Databunker offers a paradigm shift in customer data protection:

  1. By default, bulk retrieval of user records is disabled, providing an additional layer of defense against potential breaches.
  2. Your backend communicates with Databunker through API calls, akin to NoSQL database practices, rather than relying on traditional SQL queries.
  3. To access user records, partial user information such as an email address coupled with an access token is required. Additionally, users can be looked up by their phone number, login name, or unique user ID (UUID token).
  4. Secure hash-based indexing is utilized for all search indexes by default, further fortifying data protection measures.
  5. Databunker ensures that no information is stored in clear text, enhancing overall security.

Pseudonymized identity

1. Databunker: Quick installation method

The easiest way to get started with Databunker is to run it as a Docker container:

docker run -p 3000:3000 -d --rm --name databunker securitybunker/databunker demo

This command starts a local container with a DEMO root access key. It can be used for testing and development. For a production installation, follow this installation guide.

Connecting to Databunker

You can interact with Databunker using:


2. Useful Databunker commands

Create a user record

curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
  -H "Content-Type: application/json" \
  -d '{"first":"John","last":"Doe","login":"john","phone":"4444","email":""}'

Fetch user records by email

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/

Fetch user records by login

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john

Other commands:

For a full list of commands, see the API document.


3. Node.js examples

  1. Node.js example implementing passwordless login using Databunker:

  2. Node.js example with Passport.js, Magic.Link and Databunker:

  3. Secure Session Storage for Node.js apps:

Node.js modules

  1. @databunker/store from

  2. @databunker/session-store from


4. Convert existing project to use Databunker

If you intend to integrate Databunker into your existing project, you’ll need to transfer customer personal records to Databunker and utilize user tokens in UUID format in your primary database when referencing user records.

Converting sample project

In the following example, we’ll convert database schema to use user records stored in Databunker.

Original schema

Method 1: simple database reorganization

Using this method will require you to modify only the table of users. You will need to remove all personal data columns from the users table and leave it only with original userid/id and add usertoken. The usertoken' column will point to the user UUID record generated by Databunker.

Simple method

Advantages of this method

This method is suitable if you have a userid column linked from many tables or you have a very large database. Running the “alter table” command can take a lot of time to update your database structure.

Disadvantages of this method

One drawback here is that each user now has two identities. One userid and another usertoken.

Method 2: full database reorganization

You will have to go all over tables that have userid and add usertoken column instead. The usertoken is user identity in UUID format generated by Databunker.

Full reorganization

This method will require more changes on your database level and in your application code.


5. Support / Contact

You are welcome to email us at or join our slack channel: