About Edge security

Updated: March 12, 2026

Edge is built with a security first approach. As an Edge or security administrator, you can use the information in this topic to verify that Edge meets your organization's data privacy and compliance standards.

In this topic, you will learn:

• How Edge encrypts and protects your data.
• How to manage logs and monitor the health of your capability jobs for troubleshooting.
• How Edge authenticates with your data sources and service repositories.

Security highlights include:

• Communication is secured via TLS 1.3.
• The local cache is encrypted and purged every 24 hours or when the storage reached 1 GB.
• No customer data is stored permanently on Edge.
• You should extract job logs:
  • Within 10 minutes of a successful job.
  • Within an hour of a failed job.

Data storage and encryption

All communication channels are secured by TLS 1.3 and all endpoints outside of Edge are accessible only via authentication. Edge does not send or store any customer data, its purpose is to host capabilities that process the data in its own environment and to send on the processed results to Collibra Platform.

Edge automatically encrypts all metadata, logs, and metrics stored in the local cache. The oldest data is purged from the cache every 24 hours or when the cache reaches 1 GB of data, whichever occurs first. This ensures the security of your data and the Collibra Platform.

You are not required to make any changes to this security policy, and there is no impact on the functionality of your Edge sites.

Maintenance and observability

Monitoring and logging

Edge monitors and logs all interaction between an Edge site and Collibra Platform, as well as the Edge site infrastructure health. Collibra stores all logs in a dedicated Datadog account.

You can pull Catalog connector logs for completed or failed capability jobs. These logs are generated in Edge as an .tgz file, and are not sent to your Collibra Platform.These Catalog connector logs are by default turned off. If they are enabled, they are kept on the Edge site itself.

For more information, go to the following resources:

• Edge logging
• Create Metadata connector log file

Edgeservice repository

Edge deploys core Collibra services and business capabilities in the Collibra repository of your environment. This keeps Edge synchronized with your Collibra Platform version. An Edge site uses token-based authentication with read privileges to download services for each release. The Edge site installer stores the authentication and endpoint to access the Collibra repository in the registries.yaml file.

You can edit registries.yaml file and access the registry independently, and download images for Edge to scan.

For more information about security scanning, go to Vulnerability and scanning reporting.

Data communication and access to data sources

Edge connections and capabilities use different ways to connect to data sources. The required level of privileges or security greatly depends on the data source type and supported Catalog Connectors.

Collibra regularly adds and certifies Catalog connectors. To understand the authentication methods and the level of security, go to the Catalog connector documentation.

For more information about how Edge communicates with third-parties, go to

What's next

• Learn about how Edge communicated with Collibra and third-party services.
• Review Edge site system requirements.
• Create an Edge site.
• Install an Edge site.
• Learn about Edge connections.
• Learn about Edge capabilities.