{"id":"kms-governance-couples-duty-separation-with-safe-rotation","text":"Cloud KMS governance provides complementary safety guarantees: strict separation of duties ensures administrators cannot perform cryptographic operations (and vice versa) while key rotation is operationally safe because it creates new versions without re-encrypting existing data and the version is embedded in ciphertext for transparent decryption — together enabling key governance where operational mistakes in rotation cannot cause data loss and administrative access cannot enable data exfiltration.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"kms-governance-couples-duty-separation-with-safe-rotation","truth_value":"IN","reason":"premise"}]}}