Get Configuration for Encryption at Rest for a Project

Retrieves the current configuration details for Encryption at Rest for an Atlas project.


Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.


This feature is not available for M0 (Free Tier), M2, and M5 clusters. For more information, see Atlas M0 (Free Tier), M2, and M5 Limitations.

The Atlas API uses HTTP Digest Authentication. Provide your Atlas username and API key as the username and password when constructing the HTTP request.

For complete documentation on configuring API access for an Atlas project, see Configure Atlas API Access.

Base URL:


GET /groups/{GROUP-ID}/encryptionAtRest

Request Path Parameters

Path Element Required/Optional Description
GROUP-ID Required. The unique identifier for the project.

Request Query Parameters

This endpoint may use any of the HTTP request query parameters available to all Atlas API resources. These are all optional.

Name Type Description Default
pretty boolean Display response in a prettyprint format. false
envelope boolean Specifies whether or not to wrap the response in an envelope. false

Request Body Parameters

This endpoint does not use HTTP request body parameters.


Name Type Description
awsKms object Specifies whether Encryption at Rest is enabled for an Atlas project and the AWS KMS configuration details.
awsKms.accessKeyID string The IAM access key ID with permissions to access the customer master key specified by customerMasterKeyID.
awsKms.customerMasterKeyID string The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
awsKms.enabled boolean Specifies whether Encryption at Rest is enabled for an Atlas project.
awsKms.region string The AWS region in which the AWS customer master key exists.

Example Request

curl -X GET -i -u "username:apiKey" --digest \

Example Response

  "awsKms" : {
    "customerMasterKeyID" : "030gce02-586d-48d2-a966-05ea954fde0g",
    "enabled" : true,
    "region" : "US_EAST_1"