The key management system may provide a user interface to the approving entities. The user interface may be a graphical user interface (GUI) that shows the pending approvals for a particular entity. The GUI may provide information associated with each of the pending approvals. For example, for each pending approval, the GUI may identify a type of the requested operation, an identification of the entity requesting the operation, the cryptographic items that the operation is to be performed on and the approval status of the approving entities. The GUI may include one or more selectable icons that allow an approving entity to either approve or reject the requested operation. In some embodiments, another GUI may be provided to a user of the application requesting the performance of the operation. Such a GUI may identify whether particular entities have approved or rejected the performance of the operation.

The key management system may determine whether a number of received approvals from the approving entities satisfy the quorum policy. For example, if a quorum policy of a cryptographic item requires two out of three approving entities to approve an operation on the cryptographic item, then the quorum policy is satisfied when two approving entities have approved the operation. If the number of received approvals satisfies the quorum policy, then the key management system may perform the requested operation. For example, if the requested operation is to export a cryptographic key, then the key management system may transmit the cryptographic key to the requesting application. Otherwise, if the number of received approvals does not satisfy the quorum policy, then the key management system may not perform the requested operation.