Supported services
Key Access Justifications supports all services supported by Assured Workloads for Sovereign Controls for EU. In addition, Key Access Justifications supports the following Google Cloud products:
| Service | Status |
|---|---|
| AlloyDB for PostgreSQL | GA |
| Backup for GKE | GA |
| Cloud Data Loss Prevention | GA |
| Cloud Monitoring | GA |
| Filestore | GA |
| Secret Manager | GA |
| Vertex AI Workbench | GA |
If Key Access Justifications is in Preview for a service, Google recommends that you don't use Key Access Justifications in production for that service. You should use Key Access Justifications for a service in production only if Key Access Justifications for that service is in General Availability (GA). This includes transitive usage of unintegrated or Preview services that don't themselves store data encrypted using customer keys, because all services involved in servicing a request must have a GA Key Access Justifications integration status for Google to reliably generate justifications.
If you are unable to avoid using a service for which Key Access Justifications isn't in GA in
your workloads that depend on Key Access Justifications, then you must also allow
REASON_NOT_EXPECTED, REASON_UNSPECIFIED, and
CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING justifications in your Key Access Justifications
policies or risk outages.