In embodiments, the request for approval may include a pending time. The pending time may correspond to an amount of time that has elapsed since the request for approval was transmitted to the approving entities by the key management system. In some embodiments, the request for approval may be assigned a pending time threshold by the key management system. If the pending time for a request for approval exceeds the pending time threshold, then the key management system may not perform the requested operation and cancel the request for approval as the threshold number of approvals have not been received within the pending time threshold. For example, if the pending time threshold assigned to a request for approval is two days, and more than two days has elapsed since the key management system transmitted the request for approval to the approving entities, then the operation may not be performed and the request for approval may be canceled. In embodiments, the pending time threshold may be determined based on a quorum policy. For example, a quorum policy of a group may assign a pending time threshold of two days for requests for approval of operations being performed on cryptographic items of that group.

In embodiments, the key management system may utilize two-factor authentication in receiving approval from approving entities. For example, in addition to providing approval to perform an operation via the user interface 650, an approving entity may be required to provide an additional approval via another client device associated with the approving entity.