Encrypt Data Using a Key Management Service

Atlas encrypts all cluster storage and snapshot volumes at rest by default. You can add another layer of security by using your cloud provider's KMS together with the MongoDB encrypted storage engine.

You can use one or more of the following customer KMS providers for encryption at rest in Atlas:

• AWS KMS

• Azure Key Vault

• Google Cloud KMS

To learn more about using your KMS with Atlas, see:

• Encryption at Rest using Customer Key Management.

• Manage Customer Keys with AWS KMS.

• Manage Customer Keys with Azure Key Vault.

• Manage Customer Keys with Google Cloud KMS.

To manage your KMS encryption with Atlas Kubernetes Operator, you can specify and update the spec.encryptionAtRest parameter for the AtlasProject Custom Resource. Each time you change the spec field in any of the supported custom resources, Atlas Kubernetes Operator creates or updates the corresponding Atlas configuration.