IBM-Cloud / hpc-cluster-lsf

IBM Spectrum LSF - IBM Cloud
https://cloud.ibm.com/docs/ibm-spectrum-lsf?topic=ibm-spectrum-lsf-getting-started-tutorial
Apache License 2.0

LSF Boot volume encryption #19

Open sam-andaluri opened 1 year ago

sam-andaluri commented 1 year ago

Background

EDA customers prefer encrypting boot and data volumes. However, boot volumes can be encrypted only when resources are created. Further, customers prefer using their own encryption key, i.e. either bring your own key or keep your own key. Either is managed via IBM Cloud Hyper Protect Crypto Service.

Requirements

Please provide a Terraform variable to specify the KMS key and use that for encrypting boot volumes. In the ibm_is_instance resource, boot volume encryption can be configured via the boot_volume code block. The encryption parameter takes the KMS key CRN. This should be applicable to all VMs created by automation. Currently there are no requirements for configuring separate keys, i.e. a single key to encrypt all boot volumes across all VMs created.

boot_volume {
  encryption = var.key_protect_crn
}
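
An added example, not part of the issue or of the repository's code, showing one way the request above could be wired: a single validated variable feeding `boot_volume.encryption` on every instance. Only `key_protect_crn`, `ibm_is_instance`, `boot_volume` and `encryption` come from the issue; the resource name and the other variables are hypothetical.

```hcl
# Added example. Names other than key_protect_crn are hypothetical.
variable "key_protect_crn" {
  type        = string
  default     = null # null leaves boot volumes on provider-managed encryption
  description = "CRN of the customer root key used to encrypt all boot volumes."

  validation {
    # Accept only a key CRN issued by Key Protect (kms) or
    # Hyper Protect Crypto Services (hs-crypto), so that a CRN of some other
    # resource type fails at plan time instead of during instance creation.
    condition = var.key_protect_crn == null ? true : can(regex(
      "^crn:v1:[^:]+:[^:]+:(kms|hs-crypto):[^:]+:a/[^:]+:[^:]+:key:[^:]+$",
      var.key_protect_crn
    ))
    error_message = "The key_protect_crn value must be a Key Protect or Hyper Protect Crypto Services key CRN."
  }
}

variable "image_id" { type = string }
variable "profile" { type = string }
variable "vpc_id" { type = string }
variable "zone" { type = string }
variable "subnet_id" { type = string }
variable "ssh_key_ids" { type = list(string) }
variable "worker_count" { type = number }

# Every VM created by the automation references the same variable, so a
# single key encrypts all boot volumes, as the issue asks.
resource "ibm_is_instance" "worker" {
  count   = var.worker_count
  name    = "lsf-worker-${count.index}"
  image   = var.image_id
  profile = var.profile
  vpc     = var.vpc_id
  zone    = var.zone
  keys    = var.ssh_key_ids

  primary_network_interface {
    subnet = var.subnet_id
  }

  # Boot volume encryption is fixed at creation time; it cannot be added later.
  boot_volume {
    encryption = var.key_protect_crn
  }
}
```

The key CRN is only usable if VPC block storage already holds an IAM service-to-service authorization to read the key in the key management service; this example does not create that authorization.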