Bunker

Reference architectures

5 deployment patterns for institutional key backup and recovery: ingestion, trusted recovery, provider failover, jurisdictional deployment, and verifiable backups. Each shows the dataflow, components, and security considerations.

SaaS

Wallet backup ingestion pipeline

Fireblocks, Fordefi, and Utila push encrypted backups to dedicated endpoints. Bunker verifies, enrolls, and splits the key across 3 domains.

Integrations APINitro EnclaveShamir 3 of 3Multi region S3
SaaS

Provider failover recovery network

Transfer private key material to a standby wallet at another provider in minutes, without keys ever leaving hardened environments.

Recovery networkNitro EnclaveShamir re splitStandby wallet
On prem

Jurisdictional deployment with regional keys

Regional KMS, a regional CloudHSM, and in region customer devices keep every recovery component inside one jurisdiction.

Regional KMSRegional CloudHSMData residencyVerification reports
Hybrid

3 of 3 trusted recovery

Customer YubiKeys, an operations HSM, and cloud keys meet inside a TEE. The backup re encrypts to the customer and never exists in the clear outside.

FIDO2 YubiKeysCloudHSMLagrangeM of N approvals
Hybrid

Verifiable backups and cryptographic check ins

Quarterly device check ins and fingerprint scans prove to auditors and insurers that every backup can actually be recovered.

FIDO2 check insSHA 256 fingerprintsQuarterly scansVerification reports