Skip to main content

Security and Operations

James Herring
Updated

This article covers questions about where Precision Bridge stores data, how credentials and project files are protected, and how the application interacts with Precision Bridge's own infrastructure.

Where Data Lives

Precision Bridge is an on-premises application. All project files, connection definitions, logs, and execution reports are written to a local data directory:

  • Docker build: /pb inside the container, backed by a host volume you mount when starting the container.
  • Windows Native build: %LOCALAPPDATA%\PrecisionBridge on Windows.

Migrated record data passes through Precision Bridge in memory during execution. Once a Migrate Records step has loaded a chunk into the target system, the chunk is released — Precision Bridge does not retain a persistent copy of migrated records. Execution reports and logs contain summary information and (for failed records) the source record data needed to diagnose the failure, but not the full migrated dataset.

What Leaves the Local Environment

The application makes outbound network calls to:

  • Your configured source and target systems — to extract and load records. This is the whole point of a migration.
  • The Precision Bridge licence service — to validate the licence file periodically. This call sends licence identifiers, not project data.

It does not send your project files, your credentials, your migrated records, or your execution reports to Precision Bridge. Telemetry is not collected.

Credential Protection

Connection credentials (usernames, passwords, API tokens) are encrypted at rest in the project file using AES. Plain-text credentials are never written to disk. Credentials are decrypted into memory only when a connection is being used — during a test action, a connection refresh, or a procedure execution.

For systems that support it, prefer token-based or OAuth authentication over username/password — these tokens are still encrypted at rest but can be rotated or revoked centrally on the source system if needed.

Custom Certificates

If your source or target system uses an internal certificate authority or a self-signed certificate, upload the issuing CA certificate via the Custom Certificates section in Settings. Precision Bridge will then verify TLS connections against it without disabling verification.

Disabling certificate verification per-connection is supported but strongly discouraged — it is only intended as a diagnostic shortcut while you trace a certificate chain issue. See SSL Certificates.

Logging and Auditability

Every procedure execution produces:

  • An execution report with extracted/inserted/updated/skipped/failed counts and per-step timings.
  • A log capturing each step's actions, including filter values, batch sizes, errors, and any output from custom scripts (pb.log calls, stdout, stderr).
  • For failed records, the source record data and the underlying error message.

The execution report is exportable to CSV. Logs are kept on the local data volume until you remove them. Schedule rotation of the log directory if you run high-volume migrations on the Docker build.

Multi-User Access

The Docker build supports multi-user access — multiple users can connect to the same Precision Bridge instance from their own browsers and collaborate on projects. User-level configuration (preferences, session state) is per-user; project files are shared.

The Native build is intentionally single-user — it runs as a desktop application bound to the Windows account that launched it.

Backups

Project files, connection definitions, custom certificates, and execution history are all captured by the in-app Export Volume action. Open Preferences → Export Volume and click Export Volume to download a ZIP archive of the full data volume — Projects, Templates, Connections, Custom Functions, Adaptors, Proxies, Logs, and configuration files. The same action is available on both builds; the underlying location is handled for you (a mounted volume in Docker, the local user profile in the Windows Native build).

To restore an archive, use Preferences → Import Volume. You can also use Import Volume to upload individual files into the data volume.

Encrypted credentials in the archive remain encrypted; the AES key is embedded in the application binary, so restoring an archive onto another machine running the same Precision Bridge release will decrypt successfully.

Upgrading

Project files are forward-compatible across Precision Bridge 10 minor releases — opening a project saved by an older PB10 in a newer PB10 is supported, and the upgrade migration runs transparently on first open.

For the Docker build, upgrading is a matter of pulling the newer image and restarting. For the Native build, run the latest installer.

If you are migrating from a pre-PB10 version, contact help@precisionbridge.net — older Form Mappings can be imported into PB10 projects with the appropriate conversion path.

Where to Direct a Support Request

All support and licence requests go to help@precisionbridge.net. For a support request, include:

  • The Precision Bridge version (visible in Settings).
  • The execution report CSV (downloadable from the execution view).
  • A short description of what you expected to happen and what actually happened.

Including the execution report short-circuits most diagnostic back-and-forth.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk