diff --git a/r/compute_disk.html.markdown b/r/compute_disk.html.markdown
index 3d61dd6b..faeb20cc 100644
--- a/r/compute_disk.html.markdown
+++ b/r/compute_disk.html.markdown
@@ -32,6 +32,11 @@ The following arguments are supported:
- - -
+* `disk_encryption_key_raw` - (Optional) A 256-bit [customer-supplied encryption key]
+ (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption),
+ encoded in [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
+ to encrypt this disk.
+
* `image` - (Optional) The image from which to initialize this disk. Either the
full URL, a contraction of the form "project/name", or just a name (in which
case the current project is used).
@@ -51,4 +56,9 @@ The following arguments are supported:
In addition to the arguments listed above, the following computed attributes are
exported:
+* `disk_encryption_key_sha256` - The [RFC 4648 base64]
+ (https://tools.ietf.org/html/rfc4648#section-4) encoded SHA-256 hash of the
+ [customer-supplied encryption key](https://cloud.google.com/compute/docs/disks/customer-supplied-encryption)
+ that protects this resource.
+
* `self_link` - The URI of the created resource.
diff --git a/r/compute_instance.html.markdown b/r/compute_instance.html.markdown
index 7b703181..b015f151 100644
--- a/r/compute_instance.html.markdown
+++ b/r/compute_instance.html.markdown
@@ -136,6 +136,11 @@ the type is "local-ssd", in which case scratch must be true).
* `device_name` - (Optional) Name with which attached disk will be accessible
under `/dev/disk/by-id/`
+* `disk_encryption_key_raw` - (Optional) A 256-bit [customer-supplied encryption key]
+ (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption),
+ encoded in [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
+ to encrypt this disk.
+
The `network_interface` block supports:
* `network` - (Optional) The name or self_link of the network to attach this interface to.
@@ -204,3 +209,7 @@ exported:
* `network_interface.0.address` - The internal ip address of the instance, either manually or dynamically assigned.
* `network_interface.0.access_config.0.assigned_nat_ip` - If the instance has an access config, either the given external ip (in the `nat_ip` field) or the ephemeral (generated) ip (if you didn't provide one).
+
+* `disk.0.disk_encryption_key_sha256` - The [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
+ encoded SHA-256 hash of the [customer-supplied encryption key]
+ (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption) that protects this resource.
\ No newline at end of file