Home / BeaverDeck / Docs / User Guide / Safe operation

Safe Operation Recommendations

Permissions: use the permission matrix to grant only the levels and namespaces required for each operator. Keep apply: edit, Secret reveal, delete access, and admin mode limited to users who need those capabilities.

Prefer Dry-run before Apply or manifest edits.
Use namespace-scoped roles for non-admin users.
Grant Secret reveal/edit access only to users who need decoded Secret data.
Keep an exported configuration backup before large auth provider, role, or mapping changes.
Use external identity providers and group mappings for shared operational access where possible.
Remember that login tokens are in-memory signed tokens with a 12-hour expiry; pod restarts require users to sign in again.