Supported services
Key Access Justifications supports the following Google Cloud products:
| Service | Status |
|---|---|
| Artifact Registry | GA |
| BigQuery | GA |
| Cloud Bigtable | GA |
| Cloud Composer | GA |
| Cloud Data Loss Prevention | GA |
| Cloud Logging | GA |
| Cloud Spanner | GA |
| Cloud Storage | GA |
| Cloud SQL | GA |
| Compute Engine | GA |
| Dataflow | GA |
| Dataproc | GA |
| Google Kubernetes Engine | GA |
| Persistent Disk | GA |
| Pub/Sub | GA |
| Secret Manager | GA |
If Key Access Justifications is in Preview for a service, Google recommends that you don't use Key Access Justifications in production for that service. You should use Key Access Justifications for a service in production only if Key Access Justifications for that service is in General Availability (GA). This includes transitive usage of unintegrated or Preview services that don't themselves store data encrypted using customer keys, because all services involved in servicing a request must have a GA Key Access Justifications integration status for Google to reliably generate justifications.
If you are unable to avoid using a service for which Key Access Justifications isn't in GA in
your workloads that depend on Key Access Justifications, then you must also allow
REASON_NOT_EXPECTED and REASON_UNSPECIFIED justifications in your
Key Access Justifications policies or risk outages.