atlas api encryptionAtRestUsingCustomerKeyManagement updateEncryptionAtRest
On this page
Public Preview: please provide feedback at: Updates the configuration for encryption at rest using the keys you manage through your cloud provider.
MongoDB Cloud encrypts all storage even if you don't use your own key management. This resource requires the requesting Service Account or API Key to have the Project Owner role. This feature isn't available for M0 free clusters, M2, M5, or serverless clusters.
After you configure at least one Encryption at Rest using a Customer Key Management provider for the MongoDB Cloud project, Project Owners can enable Encryption at Rest using Customer Key Management for each MongoDB Cloud cluster for which they require encryption. The Encryption at Rest using Customer Key Management provider doesn't have to match the cluster cloud service provider. MongoDB Cloud doesn't automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest using Customer Key Management provider's documentation and guidance for best practices on key rotation. MongoDB Cloud automatically creates a 90-day key rotation alert when you configure Encryption at Rest using Customer Key Management using your Key Management in an MongoDB Cloud project. MongoDB Cloud encrypts all storage whether or not you use your own key management.
This command is autogenerated and corresponds 1:1 with the Atlas API endpoint https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/updateEncryptionAtRest.
For more information and examples, see the referenced API documentation linked above.
Syntax
atlas api encryptionAtRestUsingCustomerKeyManagement updateEncryptionAtRest [options]
Options
Name | Type | Required | Description |
|---|---|---|---|
--envelope | envelope | false | Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body. |
--file | string | false | path to your API request file. Leave empty to use standard input instead - you must provide one or the other, but not both. |
--groupId | string | true | Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups. |
-h, --help | false | help for updateEncryptionAtRest | |
--output | string | false | preferred api format, can be ["json", go-template] This value defaults to "json". |
--output-file | string | false | file to write the api output to. This flag is required when the output of an endpoint is binary (ex: gzip) and the command is not piped (ex: atlas command > out.zip) |
--pretty | false | Flag that indicates whether the response body should be in the prettyprint format. | |
--version | string | false | api version to use when calling the api call [options: "2023-01-01"], defaults to the latest version or the profiles api_version config value if set This value defaults to "2023-01-01". |
Inherited Options
Name | Type | Required | Description |
|---|---|---|---|
-P, --profile | string | false | Name of the profile to use from your configuration file. To learn about profiles for the Atlas CLI, see https://dochub.mongodb.org/core/atlas-cli-save-connection-settings. |