Skip to content
English
  • There are no suggestions because the search field is empty.

Custom Upload Overview

This article highlights what our Custom Upload feature is and how it works.

Overview

Custom Upload is a general-purpose backup ingestion feature that enables Bunker customers to securely back up cryptographic materials, secrets, or wallet backups that fall outside of existing first-party wallet provider integrations. Custom Upload leverages the same cryptographic and policy controls as our first-party integrations—ensuring the same level of security, durability, and customer control—while supporting a broader range of backup sources and workflows.

Customer-Driven Encryption 

  • Customers enter a text or attach a file within the Bunker console. The customer selects a recovery policy and the Bunker console performs encryption of the customer-provided input in the browser. 
  • The Bunker console uploads the ciphertext where it continues to be managed identically to all other Bunker backups.

The backup, private key generation, and private key split and encryption, and recovery are managed identically as any other Bunker backup:

  • When custom upload is initiated, a backup encryption key (BEK) is generated inside a Nitro Enclave and split into customer, cloud, and HSM shares. Each share is encrypted to its respective domain. This occurs before the public key is released to the Bunker console for use as an encryption key.
     
  • Recovery is governed by the customer-defined, multi-party approval process. Bunker requires yubikey signatures to attest to policy approvals or denials and requires the customer to participate cryptographically by decrypting and providing the customer share as part of the recovery process.

  • Backup attestation, and system integrity checks, and customer device check-ins apply identically to custom-uploaded backups.

Use Cases

Custom Upload supports a wide range of high-value or sensitive backup scenarios, including:

  • Backup of infrastructure or application private keys
  • Disaster recovery copies of Ledger, Trezor, or other hardware wallet seed phrases
  • High-value secrets for business continuity (e.g., escrow keys, enterprise root certs)
  • Wallet backups for MetaMask or similar browser-based wallets
  • Backups for MPC wallet providers that don’t yet have first-party Bunker integrations