Hi all,
Did anyone manage to succeed and configure MongoDB Atlas encryption at rest using GCP KMS?
Below is my configuration for the mongodbatlas_encryption_at_rest resource, but it actually always throws the following exception:
╷
│ Error: error creating Encryption At Rest: ************************
│
│ with module.mongodb.mongodbatlas_encryption_at_rest.encatrest,
│ on modules/mongodb/mongodbatlas_encryption_at_rest.tf line 4, in resource "mongodbatlas_encryption_at_rest" "encatrest":
│ 4: resource "mongodbatlas_encryption_at_rest" "encatrest" {
│
│ https://cloud.mongodb.com/api/atlas/v2/groups/65fa005b209d90153ea83b60/encryptionAtRest PATCH: HTTP 400 Bad Request (Error code:
│ "MISSING_ENCRYPTION_AT_REST_PROVIDER") Detail: At least one Encryption at Rest provider must be specified. Reason: Bad Request. Params: []
╵
Here’s my configuration:
resource "mongodbatlas_encryption_at_rest" "encatrest" {
  project_id = mongodbatlas_project.project.id
  google_cloud_kms_config {
    enabled                 = true
    key_version_resource_id = google_kms_crypto_key.mongodb_atlas_encryption_at_rest.primary[0].name
    service_account_key     = base64decode(google_service_account_key.mongodb_atlas_encryption_at_rest.private_key)
  }
}
If I output key_version_resource_id and service_account_key and use these values to manually configure encryption at rest in the MongoDB Atlas web console, it enables it and configures it without any issues or exceptions. I also tried to import it into my Terraform state after manual enablement and then apply this same configuration - it detects a change in order to add service_account_key and in the end it applies the change.
Is there anyone who might have this same issue or any idea how to overcome it?