Getting Started with Databunker

Databunker intro

Daily personal data leaks underscore the need for robust security measures. That’s why we created Databunker, a secure storage system designed specifically for safeguarding Personally Identifiable Information (PII), Protected Health Information (PHI), and customer records. It was built to prevent sensitive data exposure via SQL injection and unfiltered GraphQL queries. The product is a better solution than the regular database encryption provided by database or cloud vendors. In addition, our product is fully GDPR compliant.

Let’s be honest about database encryption; most solutions provide only a false sense of security. Data is typically encrypted solely at the storage or disk level. If your website falls victim to SQL injection or has incorrectly filtered GraphQL queries, malicious actors can easily access your data in plain text.

Solution with Databunker

Instead of talking to Databunker using SQL, your backend calls an API function to retrieve specific user details, much like any NoSQL database API. You can look up a user record only if you know the user's email address, phone number or unique user ID (UUID token).

By default, Databunker does not allow dumping all user records at once; the API call for this is disabled. Databunker encrypts customer records and builds a secure search index for quick user lookup (e.g. by email, token, etc.).

Pseudonymized identity

1. Databunker setup

The easiest way to get started with Databunker is to run it as a Docker container:

docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo

This command starts a local container with a DEMO root access key. It can be used for testing and development. For a production installation, follow this installation guide.

Connecting to Databunker

You can interact with Databunker using:

2. Move your user records to Databunker

If you want to use Databunker in an existing project, you need to move your customer data to Databunker and adapt your database schema to use a usertoken column (in UUID format).

Original database schema

In this example, we’ll convert the following database schema to use user records stored in Databunker.

Original schema

Method 1: simple database reorganization

This method requires you to modify only the users table. Remove all personal data columns from it, keep the original userid/id column, and add a usertoken column. The usertoken column points to the user record UUID generated by Databunker.

Simple method

Advantages of this method

This method is suitable if you have a userid column linked from many tables or you have a very large database. In those cases, running the “alter table” command to update your database structure can take a lot of time.

Disadvantages of this method

One drawback here is that each user now has two identities: a userid and a usertoken.
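A sketch of Method 1 as an added example (not code from the Databunker project): each row's personal fields are posted to the /v1/user endpoint, and the users table is then rebuilt with only id and usertoken. The SQLite users table, its column names (taken from the fields in the curl example on this page) and the {"status": "ok", "token": ...} reply shape are assumptions.

```python
import json
import sqlite3
import urllib.request

BUNKER_URL = "http://localhost:3000/v1/user"  # demo container from step 1
ROOT_TOKEN = "DEMO"                            # demo key, never for production
PII_COLUMNS = ("first", "last", "login", "phone", "email")  # assumed columns

def bunker_create_user(profile):
    """POST one profile to Databunker and return the record's UUID token."""
    req = urllib.request.Request(
        BUNKER_URL, data=json.dumps(profile).encode(), method="POST",
        headers={"X-Bunker-Token": ROOT_TOKEN, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = json.load(resp)
    # Assumption: a successful reply is {"status": "ok", "token": "<uuid>"}.
    if body.get("status") != "ok" or not body.get("token"):
        raise RuntimeError("Databunker did not return a user token")
    return body["token"]

def migrate_users(conn, create_user=bunker_create_user):
    """Method 1: leave `users` with only id + usertoken. Returns rows migrated."""
    conn.row_factory = sqlite3.Row
    cols = ", ".join(PII_COLUMNS)  # fixed constants, not user input
    rows = conn.execute(f"SELECT id, {cols} FROM users ORDER BY id").fetchall()
    # Store every record in Databunker first: if any call fails, the local
    # table has not been modified yet.
    tokens = [(r["id"], create_user({c: r[c] for c in PII_COLUMNS if r[c] is not None}))
              for r in rows]
    conn.execute("BEGIN")
    with conn:  # commit on success, roll back the whole rebuild on error
        conn.execute("CREATE TABLE users_new ("
                     "id INTEGER PRIMARY KEY, usertoken TEXT NOT NULL UNIQUE)")
        conn.executemany("INSERT INTO users_new VALUES (?, ?)", tokens)
        conn.execute("DROP TABLE users")
        conn.execute("ALTER TABLE users_new RENAME TO users")
    return len(tokens)

def sample_db():
    """Constructed in-memory table standing in for the original schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, first TEXT, "
                 "last TEXT, login TEXT, phone TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?, ?)", [
        (1, "John", "Doe", "john", "4444", "user@gmail.com"),
        (2, "Jane", "Roe", "jane", None, "jane@example.com")])
    conn.commit()
    return conn
```

Tables that reference users by id keep working unchanged, which is the point of this method; database backups taken before the migration still contain the personal data columns.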

Method 2: full database reorganization

You will have to go over all tables that have a userid column and replace it with a usertoken column. The usertoken is the user identity in UUID format generated by Databunker.

Full reorganization

This method will require more changes on your database level and in your application code.

3. Some useful Databunker commands

Create a user record

curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
  -H "Content-Type: application/json" \
  -d '{"first":"John","last":"Doe","login":"john","phone":"4444","email":"user@gmail.com"}'

Fetch user records by email

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/user@gmail.com

Fetch user records by login

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john

Other commands:

For a full list of commands, see the API document.

4. Node.js examples

  1. Node.js example implementing passwordless login using Databunker: https://github.com/securitybunker/databunker-nodejs-passwordless-login

  2. Node.js example with Passport.js, Magic.Link and Databunker: https://github.com/securitybunker/databunker-nodejs-example

  3. Secure Session Storage for Node.js apps: https://databunker.org/use-case/secure-session-storage/#databunker-support-for-nodejs

Node.js modules

  1. @databunker/store from https://github.com/securitybunker/databunker-store

  2. @databunker/session-store from https://github.com/securitybunker/databunker-session-store

5. Support / Contact

Slack Channel