FIG. 3 illustrates a flow diagram of an example method 300 to receive results of a requested operation upon receiving approval from a set of entities. In general, the method 300 may be performed by processing logic that may include hardware (e.g., processing device, circuitry, dedicated logic, programmable logic, microcode, hardware of a device, integrated circuit, etc.), software (e.g., instructions run or executed on a processing device), or a combination thereof. In some embodiments, the method 300 may be performed by application 130 of FIG. 1.

As shown in FIG. 3, the method 300 may begin with the processing logic transmitting a request to perform an operation with a cryptographic item at a key management system (block 310). The request may identify one or more cryptographic items stored at the key management system and a type of operation to be performed with the cryptographic item. For example, the request may identify the requested operation as exporting a cryptographic key stored at the key management system. In embodiments, the request may include a data object that a cryptographic operation is to be performed on. For example, the application may provide a data object along with the request. The requested operation may be to encrypt the data object using a cryptographic key or cryptographic plugin stored at the key management system.