CKBunker documentation

Last updated: 2026-07-07 · Source-backed CKBunker/COLDCARD documentation.

Direct answer: CKBunker documentation for COLDCARD HSM setup, policy rules, PSBT signing, and security model.

CKBunker is a COLDCARD HSM helper: it runs on a computer connected to a COLDCARD, exposes a local or Tor-accessible web interface, and submits signing requests that the COLDCARD accepts or rejects according to its approved policy.

Advanced workflow: Always test with small amounts. HSM mode is designed for operators who understand PSBTs, COLDCARD setup, Tor, and policy-based spending limits.

Start here

Install

Set up Python, dependencies, Tor, and a COLDCARD connected over USB.

HSM policy

Understand amount limits, velocity, whitelists, user approvals, local confirmation, logging, and boot-to-HSM.

PSBT signing

Use CKBunker for day-to-day PSBT upload, approval, signing, and broadcasting workflows.

Security model

Know what the Bunker host can see, what the COLDCARD enforces, and how to reduce local-operator risk.

Architecture in one paragraph

The CKBunker host makes remote operation convenient, but the COLDCARD remains the signing boundary. You configure an HSM policy, approve it on-device, then let remote users request signatures through the Bunker. The policy decides whether the request may be signed; the host should not be treated as a trusted key holder.

CKBunker dashboard
The web interface coordinates PSBT upload and approvals while COLDCARD enforces policy.