atlas api encryptionAtRestUsingCustomerKeyManagement updateEncryptionAtRest
On this page
experimental: Updates the configuration for encryption at rest using the keys you manage through your cloud provider.
MongoDB Cloud encrypts all storage even if you don't use your own key management. This resource requires the requesting API Key to have the Project Owner role. This feature isn't available for M0 free clusters, M2, M5, or serverless clusters. After you configure at least one Encryption at Rest using a Customer Key Management provider for the MongoDB Cloud project, Project Owners can enable Encryption at Rest using Customer Key Management for each MongoDB Cloud cluster for which they require encryption. The Encryption at Rest using Customer Key Management provider doesn't have to match the cluster cloud service provider. MongoDB Cloud doesn't automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest using Customer Key Management provider's documentation and guidance for best practices on key rotation. MongoDB Cloud automatically creates a 90-day key rotation alert when you configure Encryption at Rest using Customer Key Management using your Key Management in an MongoDB Cloud project. MongoDB Cloud encrypts all storage whether or not you use your own key management. This command is invoking the endpoint with OperationID: 'updateEncryptionAtRest'. For more information about flags, format of --file and examples, see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/updateEncryptionAtRest
Syntax
atlas api encryptionAtRestUsingCustomerKeyManagement updateEncryptionAtRest [options]
Options
Name | Type | Required | Description |
|---|---|---|---|
--envelope | false | flag that indicates whether Application wraps the response in an envelope JSON object | |
--file | string | false | path to the file which contains the api request contents |
--groupId | string | true | unique 24-hexadecimal digit string that identifies your project |
-h, --help | false | help for updateEncryptionAtRest | |
--output | string | false | preferred api format, can be ["json", go-template] This value defaults to "json". |
--output-file | string | false | file to write the api output to. This flag is required when the output of an endpoint is binary (ex: gzip) and the command is not piped (ex: atlas command > out.zip) |
--pretty | false | flag that indicates whether the response body should be in the prettyprint format | |
--version | string | false | api version to use when calling the api call [options: "2023-01-01"], defaults to the latest version or the profiles api_version config value if set This value defaults to "2023-01-01". |
Inherited Options
Name | Type | Required | Description |
|---|---|---|---|
-P, --profile | string | false | Name of the profile to use from your configuration file. To learn about profiles for the Atlas CLI, see https://dochub.mongodb.org/core/atlas-cli-save-connection-settings. |