GitHub - securitybunker/databunker: Secure Vault for Customer PII/PHI/PCI/KYC Records (original) (raw)

Databunker

Databunker is a self-hosted, GDPR compliant, Go-based tool for secure personal records tokenization and storage - PII/PHI/KYC: https://databunker.org/

Databunker intro

💣 The Big Problem with Traditional Database Encryption

Traditional database encryption solutions often provide a false sense of security. While they may encrypt data at rest, they leave critical vulnerabilities:

• Encryption alone isn’t enough: Most vendors offer only disk-block encryption, ignoring API-level encryption
• Vulnerable GraphQL Queries: Unfiltered queries can expose unencrypted data to attackers
• SQL Injection Risks: Attackers can retrieve plaintext data through SQL injections

Databunker addresses these gaps with a secure, developer-focused solution for personal data tokenization and storage.

🛠️ DataBunker Features

• Tokenization Engine: Generates UUID tokens for safe data referencing in applications
• Encrypted Storage: Secures sensitive records with advanced encryption layer
• Injection Protection: Blocks SQL and GraphQL injection attacks by design
• Secure Indexing: Uses hash-based indexing for search queries
• No Plaintext Storage: Ensures all data is encrypted at rest
• Restricted Bulk Retrieval: Disabled by default to prevent data leaks
• API-Based Access: Integrates with your backend via a NoSQL-like API
• Fast Integration: Set up secure data protection in under 10 minutes

For credit-card tokenization or enterprise security features check out the Databunker Pro.

⚡ Why Databunker?

Databunker provides a robust, open-source vault that eliminates the false sense of security from traditional encryption methods, offering developers a practical way to protect sensitive data.

🚀 Deployment & Usage

• Self-Hosted: Run on your cloud or on-premises infrastructure
• Open-Source: Licensed under MIT for free commercial use
• GDPR Compliant: Meets modern privacy regulation requirements
• High Performance: Go-powered API ensures fast tokenization and data access

🔐 How It Works

1. Store sensitive data in Databunker via API calls
2. Receive UUID tokens to reference data securely in your application
3. Query data using secure, hash-based indexing
4. Benefit from built-in protections against injections and bulk data leaks

🚀 Quick Start (5 minutes)

Pull and run Databunker container

docker pull securitybunker/databunker docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo

Create user records

curl -s http://localhost:3000/v1/user -X POST
-H "X-Bunker-Token: DEMO"
-H "Content-Type: application/json"
-d '{"first":"John","last":"Doe","login":"john","email":"user@gmail.com"}'

Get user by login, email, phone, or token

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john

Admin UI: http://localhost:3000

💡 What Problems Does Databunker Solve?

1. Prevents Data Breaches
   • Eliminates SQL injection vulnerabilities
   • Protects against GraphQL data exposure
   • Segregates sensitive data from your main database
2. Simplifies Compliance
   • GDPR, CCPA, HIPAA ready out of the box
   • Built-in consent management
   • Automated data minimization
   • Full audit trail of all operations
3. Reduces Development Time
   • Simple REST API for all operations
   • SDK available for popular languages
   • Drop-in replacement for your user table
   • Built-in session management

Project demo is available at: https://databunker.org/doc/demo/.

Please add a star if you like our project.

🔒 Key Security Features

• Encrypted Storage: All personal records are encrypted using AES-256
• Secure API: REST API with strong authentication
• Tokenization: Replace sensitive data with tokens in your main database
• Access Control: Fine-grained permissions and audit logging
• Data Segregation: Physical separation from your application database

🔌 Integration Examples

// Node.js Example const { Databunker } = require('databunker-sdk'); const db = new Databunker({ url: 'http://localhost:3000', token: 'DEMO' });

// Store user record await db.users.create({ email: 'user@example.com', name: 'John Doe', phone: '+1-415-555-0123' });

// Retrieve user by email const user = await db.users.findByEmail('user@example.com');

📊 Use Cases

• User Profile Storage: Secure storage for user personal data
• Healthcare Records: HIPAA-compliant patient data storage
• Financial Services: PCI DSS compliant customer records
• Identity Management: Secure user authentication and session storage
• GDPR Compliance: Built-in tools for data privacy regulations

🔧 Technical Specifications

• Written in Go for high performance
• Supports MySQL and PostgreSQL
• REST API with OpenAPI specification
• Containerized deployment
• Horizontal scaling support
• Automated backups
• High availability options

📚 Resources

1. GDPR compliance and Databunker introduction video https://www.youtube.com/watch?v=QESOuL3LMj0
2. https://oppetmoln.se/20220223/databunker-en-oppen-losning-for-gdpr-saker-lagring-av-kundinformation/
3. https://anchor.fm/techandmain/episodes/Huawei--Microsoft-and-DataBunker--Yuli-Stremovsky-evl385
4. https://www.freecodecamp.org/news/how-to-stay-gdpr-compliant-with-access-logs/
5. https://hackernoon.com/data-leak-prevention-with-databunker-xnn33u9
6. https://nocomplexity.com/documents/simplifyprivacy/databunker.html
7. https://marcusolsson.dev/data-privacy-vaults-using-databunker/
8. https://ipv6.rs/tutorial/FreeBSD_Latest/Databunker/
9. https://selfhostedworld.com/software/databunker
10. https://ipv6.rs/tutorial/Void_Linux/Databunker/
11. https://news.ycombinator.com/item?id=26690279
12. https://slashdot.org/software/p/Databunker/
13. https://github.com/expressjs/session
14. https://stackshare.io/databunker
15. https://dbweekly.com/issues/348
16. https://databunker.org/

📘 GDPR: Out of the box solution for:

1. Right of access
2. Right to restrict processing / Consent withdrawal
3. Right to be forgotten
4. Right to rectification
5. Right to data portability

⚡ Databunker use cases

Detailed information can be found at https://databunker.org/use-case/

• A perfect backend for a KYC system for a crypto startup
• Temporary record identities for secure data exchange
• Audit trail and tracing customer profile changes
• Critical Data Segregation: Implementation Guide
• Continuous Data Protection for PII/PHI records
• Custom Privacy-Enhancing Technology - PET
• User rights and privacy controls
• PII/PHI storage and tokenization
• Automatic log retention policy
• Privacy by Design Compliance
• Simplify user login backend
• Consent Management Platform
• Personal Data minimization
• Secure session storage
• GDPR request workflow
• DPO Management Portal
• User privacy portal
• ISO27001 Compliance
• HIPAA Compliance
• GDPR Compliance
• SOC2 Compliance
• Pseudonymization
• Passport.js support

Help us to raise awareness. Please add a ⭐ star and share this project with your friends.