Introduction to Key Access Justifications
Key Access Justifications provides a justification for every request to access keys stored in an external key manager. It lets you approve or deny the access request based on the provided justification. Using Key Access Justifications with Cloud External Key Manager provides visibility into requests for encryption keys that allows data to change state from at-rest to in-use.
For more information, see Overview of Key Access Justifications.
To learn about the core principles behind Google Cloud's administrative access controls, see Overview of administrative access controls.