public sealed class KeyAccessJustificationsPolicy : IMessage<KeyAccessJustificationsPolicy>, IEquatable<KeyAccessJustificationsPolicy>, IDeepCloneable<KeyAccessJustificationsPolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Google Cloud Key Management Service v1 API class KeyAccessJustificationsPolicy.
A
[KeyAccessJustificationsPolicy][google.cloud.kms.v1.KeyAccessJustificationsPolicy]
specifies zero or more allowed
[AccessReason][google.cloud.kms.v1.AccessReason] values for encrypt, decrypt,
and sign operations on a [CryptoKey][google.cloud.kms.v1.CryptoKey].
public RepeatedField<AccessReason> AllowedAccessReasons { get; }
The list of allowed reasons for access to a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. Zero allowed access reasons
means all encrypt, decrypt, and sign operations for the
[CryptoKey][google.cloud.kms.v1.CryptoKey] associated with this policy will
fail.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis webpage provides reference documentation for the \u003ccode\u003eKeyAccessJustificationsPolicy\u003c/code\u003e class within the Google Cloud Key Management Service v1 API.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eKeyAccessJustificationsPolicy\u003c/code\u003e class is used to define allowed access reasons for encrypt, decrypt, and sign operations on a \u003ccode\u003eCryptoKey\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of this documentation is for version 3.16.0, but there are 24 prior versions from 2.2.0 available.\u003c/p\u003e\n"],["\u003cp\u003eThe class implements interfaces like \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, along with inheriting from the \u003ccode\u003eobject\u003c/code\u003e class.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eAllowedAccessReasons\u003c/code\u003e property of the class, of type \u003ccode\u003eRepeatedField<AccessReason>\u003c/code\u003e, dictates the acceptable access reasons, and if this list is empty, all operations will fail.\u003c/p\u003e\n"]]],[],null,["# Google Cloud Key Management Service v1 API - Class KeyAccessJustificationsPolicy (3.18.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.18.0 (latest)](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.17.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.17.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.16.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.16.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.15.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.15.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.14.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.14.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.13.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.13.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.12.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.12.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.11.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.11.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.10.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.10.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.9.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.9.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.8.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.8.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.7.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.7.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.6.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.6.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.5.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.5.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.4.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.4.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.3.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.2.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.1.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [3.0.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/3.0.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [2.9.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.9.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [2.8.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.8.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [2.7.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.7.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [2.6.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.6.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [2.5.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.5.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [2.4.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.4.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [2.3.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.3.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy)\n- [2.2.0](/dotnet/docs/reference/Google.Cloud.Kms.V1/2.2.0/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy) \n\n public sealed class KeyAccessJustificationsPolicy : IMessage\u003cKeyAccessJustificationsPolicy\u003e, IEquatable\u003cKeyAccessJustificationsPolicy\u003e, IDeepCloneable\u003cKeyAccessJustificationsPolicy\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Google Cloud Key Management Service v1 API class KeyAccessJustificationsPolicy.\n\nA\n\\[KeyAccessJustificationsPolicy\\]\\[google.cloud.kms.v1.KeyAccessJustificationsPolicy\\]\nspecifies zero or more allowed\n\\[AccessReason\\]\\[google.cloud.kms.v1.AccessReason\\] values for encrypt, decrypt,\nand sign operations on a \\[CryptoKey\\]\\[google.cloud.kms.v1.CryptoKey\\]. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e KeyAccessJustificationsPolicy \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[KeyAccessJustificationsPolicy](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[KeyAccessJustificationsPolicy](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[KeyAccessJustificationsPolicy](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1.KeyAccessJustificationsPolicy), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Kms.V1](/dotnet/docs/reference/Google.Cloud.Kms.V1/latest/Google.Cloud.Kms.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Kms.V1.dll\n\nConstructors\n------------\n\n### KeyAccessJustificationsPolicy()\n\n public KeyAccessJustificationsPolicy()\n\n### KeyAccessJustificationsPolicy(KeyAccessJustificationsPolicy)\n\n public KeyAccessJustificationsPolicy(KeyAccessJustificationsPolicy other)\n\nProperties\n----------\n\n### AllowedAccessReasons\n\n public RepeatedField\u003cAccessReason\u003e AllowedAccessReasons { get; }\n\nThe list of allowed reasons for access to a\n\\[CryptoKey\\]\\[google.cloud.kms.v1.CryptoKey\\]. Zero allowed access reasons\nmeans all encrypt, decrypt, and sign operations for the\n\\[CryptoKey\\]\\[google.cloud.kms.v1.CryptoKey\\] associated with this policy will\nfail."]]
