One of the security design principles is scope reduction and data minimization.
Data minimization means that organizations should keep only the minimum customer data needed to provide a service.
From the official GDPR Art. 5: "Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed."
By storing customer personal data in Databunker, you reduce what an attacker can obtain from your existing database, which lowers the business risk.
Suppose an attacker finds an SQL injection in your web app. They might get access to some data, but that data will not be personal, because personal information is stored outside of your existing database (in Databunker).
When you clean personal records (PII) out of your databases and store the Databunker token instead, you are doing data minimization and GDPR scope reduction.
The service live demo is available at https://demo.databunker.org/
Demo user credentials:
The easiest way to get started with Databunker is to run it as a Docker container:
docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo
This command starts a local container with a DEMO root access key. You can use it for development or testing purposes. For a production installation, follow this installation guide.
You can interact with Databunker at localhost:3000:
curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
-H "Content-Type: application/json" \
-d '{"first":"John","last":"Doe","login":"john","phone":"4444","email":"user@gmail.com"}'
curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/user@gmail.com
curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john
For a full list of commands, follow the API document.
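The token-instead-of-PII pattern described above, as an added example that is not part of the Databunker project: it compares what a full dump of an application table exposes before and after moving the profile into Databunker. The table names, helper functions and the assumption that the create-user reply carries the token in a "token" field are illustrative; the endpoint, header and sample profile come from the curl commands above.

```python
import json
import sqlite3
import urllib.request

BUNKER_URL = "http://localhost:3000/v1/user"  # endpoint from the curl example
ROOT_TOKEN = "DEMO"                           # demo root key; not for production

def create_bunker_user(profile):
    """POST the profile to Databunker and return the user token.
    Assumption: the JSON reply carries it in a "token" field."""
    req = urllib.request.Request(
        BUNKER_URL, data=json.dumps(profile).encode(), method="POST",
        headers={"X-Bunker-Token": ROOT_TOKEN, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)["token"]

def open_app_db():
    """Hypothetical application schema: the 'before' and 'after' tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers_legacy(first TEXT, last TEXT, email TEXT, phone TEXT, plan TEXT)")
    db.execute("CREATE TABLE customers(user_token TEXT NOT NULL, plan TEXT)")
    return db

def register_legacy(db, profile, plan):
    """Before: PII sits in the application database."""
    db.execute("INSERT INTO customers_legacy VALUES (?, ?, ?, ?, ?)",
               (profile["first"], profile["last"], profile["email"], profile["phone"], plan))

def register(db, profile, plan, create=create_bunker_user):
    """After: PII goes to Databunker, only the token is stored locally."""
    token = create(profile)
    db.execute("INSERT INTO customers VALUES (?, ?)", (token, plan))
    return token

def leaked_pii(db, table, profile):
    """Return the profile values visible in a full dump of one table,
    i.e. what reading that table through SQL injection would expose."""
    if table not in ("customers", "customers_legacy"):
        raise ValueError("unknown table")
    dump = {str(col) for row in db.execute(f"SELECT * FROM {table}") for col in row}
    return sorted(v for v in profile.values() if v in dump)

if __name__ == "__main__":
    # Constructed sample profile; needs a fresh demo container from above running.
    p = {"first": "John", "last": "Doe", "login": "john", "phone": "4444", "email": "user@gmail.com"}
    db = open_app_db()
    register_legacy(db, p, "pro")
    register(db, p, "pro")
    print(leaked_pii(db, "customers_legacy", p), leaked_pii(db, "customers", p))
```

The `create` parameter of `register` lets you swap in a stand-in for the HTTP call when no container is running.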