- API >
- API Resources >
- Encryption at Rest >
- Enable and Configure Encryption at Rest for a Project
Enable and Configure Encryption at Rest for a Project¶
On this page
Note
Groups and projects are synonymous terms. Your {GROUP-ID} is the
same as your project ID. For existing groups, your group/project ID
remains the same. The resource and corresponding endpoints use the
term groups.
Note
This feature is not available for M0 (Free Tier), M2, and M5
clusters. For more information, see Atlas M0 (Free Tier), M2, and M5 Limitations.
The Atlas API uses HTTP Digest Authentication. Provide your Atlas username and API key as the username and password when constructing the HTTP request.
For complete documentation on configuring API access for an Atlas project, see Configure Atlas API Access.
Base URL: https://cloud.mongodb.com/api/atlas/v1.0
Enables, disables, and configures Encryption at Rest for an Atlas project. See Encryption at Rest for more information, including prerequisites and restrictions.
Syntax¶
Request Path Parameters¶
| Path Element | Required/Optional | Description |
|---|---|---|
GROUP-ID |
Required. | The unique identifier for the project. |
Request Query Parameters¶
This endpoint may use any of the HTTP request query parameters available to all Atlas API resources. These are all optional.
| Name | Type | Description | Default |
|---|---|---|---|
pretty |
boolean | Display response in a prettyprint format. | false |
envelope |
boolean | Specifies whether or not to wrap the response in an envelope. | false |
Request Body Parameters¶
The required request body parameters depend on whether Encryption at Rest is currently enabled:
- If Encryption at Rest is not enabled, all of the following parameters are required.
- If Encryption at Rest is enabled, administrators can update the configuration by passing only the changed fields to this endpoint.
| Name | Type | Description |
|---|---|---|
awsKms |
object | Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project. |
awsKms.enabled |
boolean | Specifies whether Encryption at Rest is enabled for an Atlas
project. To disable Encryption at Rest, pass this parameter only
with a value of false. When you disable Encryption at Rest,
Atlas also removes the AWS KMS configuration details. |
awsKms.accessKeyID |
string | The IAM access key ID with permissions to access the customer
master key specified by customerMasterKeyID. |
awsKms.secretAccessKey |
string | The IAM secret access key with permissions to access the customer
master key specified by customerMasterKeyID. |
awsKms.customerMasterKeyID |
string | The AWS customer master key used to encrypt and decrypt the MongoDB master keys. |
awsKms.region |
string | The AWS region in which the AWS customer master key exists:
|
Response¶
| Name | Type | Description |
|---|---|---|
awsKms |
object | Specifies whether Encryption at Rest is enabled for an Atlas project and the AWS KMS configuration details. |
awsKms.accessKeyID |
string | The IAM access key ID with permissions to access the customer
master key specified by customerMasterKeyID. |
awsKms.customerMasterKeyID |
string | The AWS customer master key used to encrypt and decrypt the MongoDB master keys. |
awsKms.enabled |
boolean | Specifies whether Encryption at Rest is enabled for an Atlas project. |
awsKms.region |
string | The AWS region in which the AWS customer master key exists. |
Example Request¶
The following example enables and configures Encryption at Rest for an Atlas project:
Example Response¶
Example Request¶
The following example disables Encryption at Rest for an Atlas project: