Supported services

Key Access Justifications supports all services supported by Assured Workloads for Sovereign Controls for EU. In addition, Key Access Justifications supports the following Google Cloud products:

Service Status
AlloyDB for PostgreSQL GA
Backup for GKE GA
Cloud Data Loss Prevention GA
Cloud Monitoring GA
Filestore GA
Firestore GA
Secret Manager GA
Vertex AI Workbench GA

If Key Access Justifications is in Preview for a service, Google recommends that you don't use Key Access Justifications in production for that service. You should use Key Access Justifications for a service in production only if Key Access Justifications for that service is in General Availability (GA). This includes transitive usage of unintegrated or Preview services that don't themselves store data encrypted using customer keys, because all services involved in servicing a request must have a GA Key Access Justifications integration status for Google to reliably generate justifications.

If you are unable to avoid using a service for which Key Access Justifications isn't in GA in your workloads that depend on Key Access Justifications, then you must also allow REASON_NOT_EXPECTED, REASON_UNSPECIFIED, and CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING justifications in your Key Access Justifications policies or risk outages.