Repository files navigation

Databunker is a self-hosted, GDPR compliant, Go-based tool for secure personal records tokenization and storage - PII/PHI/KYC:https://databunker.org/

Traditional database encryption solutions often provide a false sense of security. While they may encrypt data at rest, they leave critical vulnerabilities:

• Encryption alone isn’t enough: Most vendors offer only disk-block encryption, ignoring API-level encryption
• Vulnerable GraphQL Queries: Unfiltered queries can expose unencrypted data to attackers
• SQL Injection Risks: Attackers can retrieve plaintext data through SQL injections

Databunker addresses these gaps with a secure, developer-focused solution for personal data tokenization and storage.

• Tokenization Engine: Generates UUID tokens for safe data referencing in applications
• Encrypted Storage: Secures sensitive records with advanced encryption layer
• Injection Protection: Blocks SQL and GraphQL injection attacks by design
• Secure Indexing: Uses hash-based indexing for search queries
• No Plaintext Storage: Ensures all data is encrypted at rest
• Restricted Bulk Retrieval: Disabled by default to prevent data leaks
• API-Based Access: Integrates with your backend via a NoSQL-like API
• Fast Integration: Set up secure data protection in under 10 minutes

Forcredit-card tokenization orenterprise security features check out theDatabunker Pro.

Databunker provides a robust, open-source vault that eliminates the false sense of security from traditional encryption methods, offering developers a practical way to protect sensitive data.

• Self-Hosted: Run on your cloud or on-premises infrastructure
• Open-Source: Licensed under MIT for free commercial use
• GDPR Compliant: Meets modern privacy regulation requirements
• High Performance: Go-powered API ensures fast tokenization and data access

1. Store sensitive data in Databunker via API calls
2. Receive UUID tokens to reference data securely in your application
3. Query data using secure, hash-based indexing
4. Benefit from built-in protections against injections and bulk data leaks

# Pull and run Databunker containerdocker pull securitybunker/databunkerdocker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo# Create user recordscurl -s http://localhost:3000/v1/user -X POST \  -H"X-Bunker-Token: DEMO" \  -H"Content-Type: application/json" \  -d'{"first":"John","last":"Doe","login":"john","email":"user@gmail.com"}'# Get user by login, email, phone, or tokencurl -s -H"X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john# Admin UI: http://localhost:3000

1. Prevents Data Breaches

   • Eliminates SQL injection vulnerabilities
   • Protects against GraphQL data exposure
   • Segregates sensitive data from your main database

2. Simplifies Compliance

   • GDPR, CCPA, HIPAA ready out of the box
   • Built-in consent management
   • Automated data minimization
   • Full audit trail of all operations

3. Reduces Development Time

   • Simple REST API for all operations
   • SDK available for popular languages
   • Drop-in replacement for your user table
   • Built-in session management

Projectdemo is available at:https://databunker.org/doc/demo/.

Please add astar if you like our project.

• Encrypted Storage: All personal records are encrypted using AES-256
• Secure API: REST API with strong authentication
• Tokenization: Replace sensitive data with tokens in your main database
• Access Control: Fine-grained permissions and audit logging
• Data Segregation: Physical separation from your application database

// Node.js Exampleconst{ Databunker}=require('databunker-sdk');constdb=newDatabunker({url:'http://localhost:3000',token:'DEMO'});// Store user recordawaitdb.users.create({email:'user@example.com',name:'John Doe',phone:'+1-415-555-0123'});// Retrieve user by emailconstuser=awaitdb.users.findByEmail('user@example.com');

• User Profile Storage: Secure storage for user personal data
• Healthcare Records: HIPAA-compliant patient data storage
• Financial Services: PCI DSS compliant customer records
• Identity Management: Secure user authentication and session storage
• GDPR Compliance: Built-in tools for data privacy regulations

• Written in Go for high performance
• Supports MySQL and PostgreSQL
• REST API with OpenAPI specification
• Containerized deployment
• Horizontal scaling support
• Automated backups
• High availability options

1. GDPR compliance and Databunker introduction videohttps://www.youtube.com/watch?v=QESOuL3LMj0
2. https://oppetmoln.se/20220223/databunker-en-oppen-losning-for-gdpr-saker-lagring-av-kundinformation/
3. https://anchor.fm/techandmain/episodes/Huawei--Microsoft-and-DataBunker--Yuli-Stremovsky-evl385
4. https://www.freecodecamp.org/news/how-to-stay-gdpr-compliant-with-access-logs/
5. https://hackernoon.com/data-leak-prevention-with-databunker-xnn33u9
6. https://nocomplexity.com/documents/simplifyprivacy/databunker.html
7. https://marcusolsson.dev/data-privacy-vaults-using-databunker/
8. https://ipv6.rs/tutorial/FreeBSD_Latest/Databunker/
9. https://selfhostedworld.com/software/databunker
10. https://ipv6.rs/tutorial/Void_Linux/Databunker/
11. https://news.ycombinator.com/item?id=26690279
12. https://slashdot.org/software/p/Databunker/
13. https://github.com/expressjs/session
14. https://stackshare.io/databunker
15. https://dbweekly.com/issues/348
16. https://databunker.org/

1. Right of access
2. Right to restrict processing / Consent withdrawal
3. Right to be forgotten
4. Right to rectification
5. Right to data portability

Detailed information can be found athttps://databunker.org/use-case/

• A perfect backend for a KYC system for a crypto startup
• Temporary record identities for secure data exchange
• Audit trail and tracing customer profile changes
• Critical Data Segregation: Implementation Guide
• Continuous Data Protection for PII/PHI records
• Custom Privacy-Enhancing Technology - PET
• User rights and privacy controls
• PII/PHI storage and tokenization
• Automatic log retention policy
• Privacy by Design Compliance
• Simplify user login backend
• Consent Management Platform
• Personal Data minimization
• Secure session storage
• GDPR request workflow
• DPO Management Portal
• User privacy portal
• ISO27001 Compliance
• HIPAA Compliance
• GDPR Compliance
• SOC2 Compliance
• Pseudonymization
• Passport.js support

Help us to raise awareness. Please add a ⭐star and share this project with your friends.