Backups control assets worth millions to billions and are expected to work, unannounced, on the worst day. The question is not whether keys are encrypted. It is who must show up for them to decrypt.
Key custody splits 3 ways: customer YubiKeys, a Station70 HSM, and cloud keys. Recovery requires your quorum, and final decryption happens with your participation. Not even Station70 can reconstruct a backup alone.
Recovery keys stay online inside the vendor’s cloud enclave, with recovery initiated through the vendor’s portal. However hardened, 1 environment under 1 vendor’s administration carries all the trust.
Encrypted USB drives in vaults, seed phrases in safes, spreadsheets of shards. Unverified, unauditable, and dependent on the memory and availability of whoever set it up.
The architectural difference shows up in every row: who holds custody, who governs recovery, and who has to prove readiness.
* Statements regarding third party products are based on publicly available information and third party security assessments as of the date of publication, are provided for general comparison only, and are not warranted for accuracy or completeness. Product capabilities may change without notice. All trademarks are the property of their respective owners. No affiliation or endorsement is implied.
Customers on a competitor’s service get white glove migration and pay zero Bunker fees for the remaining duration of their competitor contract term, with a subsequent 12 month Bunker agreement.
A single environment is a single point of compromise, however hardened. Bunker requires 3 separate domains under separate administration to ever meet: your FiDO compliant hardware keys, a Station70 HSM, and cloud keys. Compromise of any 1, including Station70 itself, recovers nothing.
Customer test recoveries average about 7 minutes. Quarterly cryptographic check ins verify every component: your devices sign in, cloud keys respond, and every ciphertext matches its fingerprint. The result is a verification report you can hand to auditors and insurers.
Bunker transfers private key material to a standby wallet at another provider in minutes, proven in live migrations on the recovery network. Keys stay inside hardened environments the whole way; you seamlessly shift underlying wallet platforms instead of waiting out an outage.
Bunker is recovery only. It never signs transactions, constructs them, or touches your day to day operations.
Customer participation in recovery is cryptographically mandatory, not a policy promise. There is no admin override.
Readiness is proven quarterly through check ins and fingerprint scans, not assumed between disasters.
Bring your current backup setup. We will walk the trust model, the quorum design, and a live test recovery.
Learn more