Docs Menu
Docs Home
/ /
MongoDB Atlas Kubernetes Operator

Encrypt Data Using a Key Management Service

On this page

  • Prerequisites
  • Procedure


Feature unavailable in Serverless Instances

Serverless instances don't support this feature at this time. To learn more, see Serverless Instance Limitations.

Atlas encrypts all cluster storage and snapshot volumes at rest by default. You can add another layer of security by using your cloud provider's KMS together with the MongoDB encrypted storage engine.

You can use one or more of the following customer KMS providers for encryption at rest in Atlas:


The key management provider doesn't need to match the cluster cloud service provider.

To learn more about using your KMS with Atlas, see:

To manage your KMS encryption with Atlas Kubernetes Operator, you can specify and update the spec.encryptionAtRest parameter for the AtlasProject Custom Resource. Each time you change the spec field in any of the supported custom resources, Atlas Kubernetes Operator creates or updates the corresponding Atlas configuration.

Encypt your Atlas data using a customer-managed key with the following procedure:

← X.509