About Edge security

Edge is built with a security first approach. As an Edge or security administrator, you can use the information in this topic to verify that Edge meets your organization's data privacy and compliance standards.

In this topic, you will learn:

  • How Edge encrypts and protects your data.
  • How to manage logs and monitor the health of your capability jobs for troubleshooting.
  • How Edge authenticates with your data sources and service repositories.

Security highlights include:

  • Communication is secured via TLS 1.3.
  • The local cache is encrypted and purged every 24 hours or when the storage reached 1 GB.
  • No customer data is stored permanently on Edge.
  • You should extract job logs:
    • Within 10 minutes of a successful job.
    • Within an hour of a failed job.

Data storage and encryption

All communication channels are secured by TLS 1.3 and all endpoints outside of Edge are accessible only via authentication. Edge does not send or store any customer data, its purpose is to host capabilities that process the data in its own environment and to send on the processed results to Collibra Platform Self-Hosted.

Edge automatically encrypts all metadata, logs, and metrics stored in the local cache. The oldest data is purged from the cache every 24 hours or when the cache reaches 1 GB of data, whichever occurs first. This ensures the security of your data and the Collibra Platform Self-Hosted.

You are not required to make any changes to this security policy, and there is no impact on the functionality of your Edge sites.

Maintenance and observability

Monitoring and logging

Edge monitors and logs all interaction between an Edge site and Collibra Platform Self-Hosted, as well as the Edge site infrastructure health. Collibra stores all logs in a dedicated Datadog account.

You can pull Catalog connector logs for completed or failed capability jobs. These logs are generated in Edge as an .tgz file, and are not sent to your Collibra Platform Self-Hosted.These Catalog connector logs are by default turned off. If they are enabled, they are kept on the Edge site itself.

Important If you are troubleshooting an issue, you have to extract logs within 10 minutes of a successful completion or within 1 hour of a failed completion of the capability, and send them to Collibra Support via a support ticket.

For more information, go to the following resources:

Edgeservice repository

Edge deploys core CPSH services and business capabilities in the CPSH repository of your environment. This keeps Edge synchronized with your Collibra Platform Self-Hosted version. An Edge site uses token-based authentication with read privileges to download services for each release. The Edge site installer stores the authentication and endpoint to access the CPSH repository in the registries.yaml file.

You can edit registries.yaml file and access the registry independently, and download images for Edge to scan.

For more information about security scanning, go to Vulnerability and scanning reporting.

Data communication and access to data sources

Edge connections and capabilities use different ways to connect to data sources. The required level of privileges or security greatly depends on the data source type and supported Catalog Connectors.

Collibra regularly adds and certifies Catalog connectors. To understand the authentication methods and the level of security, go to the Catalog connector documentation.

For more information about how Edge communicates with third-parties, go to

What's next