{"id":"cmek-single-control-plane-for-data-governance","text":"CMEK key lifecycle serves as the single control plane for data governance across GCP: rotation is operationally safe (ciphertext self-identifies its key version), but destruction permanently shreds all encrypted data across every service — and GCS's tiered encryption model means choosing CMEK explicitly opts into this asymmetric risk, trading storage durability for cryptographic access control at the KMS layer.","truth_value":"OUT","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"_retracted":true},"explanation":{"steps":[{"node":"cmek-single-control-plane-for-data-governance","truth_value":"OUT","reason":"retracted premise"}]}}