Other Considerations
Access to Databases
TIBCO Control Plane requires that customers (self-hosted TIBCO Control Plane) or third parties (TIBCO Operated Control Plane) provide SQL databases for data persistence. All security tokens are stored in an irreversible secure hash format. This prevents someone with read-access to impersonate other users. Customers must obviously guard against unauthorized write access to the database.
Access to Kubernetes
Kubernetes administrator can have outsized power over the whole system. While such access is unavoidable, customers are advised to log, audit, and control overall Kubernetes access by such users. Especially sensitive areas include direct access to the pods and Kubernetes secrets.