Docs Menu
Docs Home
/ /

atlas api encryptionAtRestUsingCustomerKeyManagement updateEncryptionAtRest

Updates the configuration for encryption at rest using the keys you manage through your cloud provider.

The atlas api sub-command is automatically generated from the MongoDB Atlas Admin API and offers full coverage of the Admin API. Admin API capabilities have their own release lifecycle, which you can check via the provided API endpoint documentation link.

MongoDB Cloud encrypts all storage even if you don't use your own key management. This resource requires the requesting Service Account or API Key to have the Project Owner role. This feature isn't available for M0 free clusters, M2, M5, or serverless clusters.

After you configure at least one Encryption at Rest using a Customer Key Management provider for the MongoDB Cloud project, Project Owners can enable Encryption at Rest using Customer Key Management for each MongoDB Cloud cluster for which they require encryption. The Encryption at Rest using Customer Key Management provider doesn't have to match the cluster cloud service provider. MongoDB Cloud doesn't automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest using Customer Key Management provider's documentation and guidance for best practices on key rotation. MongoDB Cloud automatically creates a 90-day key rotation alert when you configure Encryption at Rest using Customer Key Management using your Key Management in an MongoDB Cloud project. MongoDB Cloud encrypts all storage whether or not you use your own key management.

This command is autogenerated and corresponds 1:1 with the Atlas API endpoint https://www.mongodb.com/zh-cn/docs/api/doc/atlas-admin-api-v2/operation/operation-updategroupencryptionatrest.

For more information and examples, see the referenced API documentation linked above.

Command Syntax
atlas api encryptionAtRestUsingCustomerKeyManagement updateEncryptionAtRest [options]
Name
Type
Required
Description

--envelope

envelope

false

Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

--file

string

false

path to your API request file. Leave empty to use standard input instead - you must provide one or the other, but not both.

--groupId

string

true

Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.

NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.

-h, --help

false

help for updateEncryptionAtRest

-o, --output

string

false

preferred api format, can be ["json", go-template] This value defaults to "json".

--outputFile

string

false

file to write the api output to. This flag is required when the output of an endpoint is binary (ex: gzip) and the command is not piped (ex: atlas command > out.zip)

--pretty

false

Flag that indicates whether the response body should be in the prettyprint format.

--version

string

false

api version to use when calling the api call [options: "2023-01-01"], defaults to the latest version or the profiles api_version config value if set This value defaults to "2023-01-01".

Name
Type
Required
Description

-P, --profile

string

false

Back

requestPrivateEndpointDeletion

On this page