Encrypt Data Using a Key Management Service
Important
Feature unavailable in Serverless Instances
Serverless instances don't support this feature at this time. To learn more, see Serverless Instance Limitations.
Atlas encrypts all cluster storage and snapshot volumes at rest by default. You can add another layer of security by using your cloud provider's KMS together with the MongoDB encrypted storage engine.
You can use one or more of the following customer KMS providers for encryption at rest in Atlas:
Note
The key management provider doesn't need to match the cluster cloud service provider.
To learn more about using your KMS with Atlas, see:
To manage your KMS encryption with Atlas Kubernetes Operator, you can specify and update the spec.encryptionAtRest parameter for the AtlasProject Custom Resource. Each time you change the spec field in any of the supported custom resources, Atlas Kubernetes Operator creates or updates the corresponding Atlas configuration.
Prerequisites
Procedure
Encrypt your Atlas data using a customer-managed key with the following procedure: