diff --git a/r/compute_disk.html.markdown b/r/compute_disk.html.markdown
index 3d61dd6b..faeb20cc 100644
--- a/r/compute_disk.html.markdown
+++ b/r/compute_disk.html.markdown
@@ -32,6 +32,11 @@ The following arguments are supported:
 
 - - -
 
+* `disk_encryption_key_raw` - (Optional) A 256-bit [customer-supplied encryption key]
+    (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption),
+    encoded in [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
+    to encrypt this disk.
+
 * `image` - (Optional) The image from which to initialize this disk. Either the
     full URL, a contraction of the form "project/name", or just a name (in which
     case the current project is used).
@@ -51,4 +56,9 @@ The following arguments are supported:
 In addition to the arguments listed above, the following computed attributes are
 exported:
 
+* `disk_encryption_key_sha256` - The [RFC 4648 base64]
+    (https://tools.ietf.org/html/rfc4648#section-4) encoded SHA-256 hash of the
+    [customer-supplied encryption key](https://cloud.google.com/compute/docs/disks/customer-supplied-encryption)
+    that protects this resource.
+
 * `self_link` - The URI of the created resource.
diff --git a/r/compute_instance.html.markdown b/r/compute_instance.html.markdown
index 7b703181..b015f151 100644
--- a/r/compute_instance.html.markdown
+++ b/r/compute_instance.html.markdown
@@ -136,6 +136,11 @@ the type is "local-ssd", in which case scratch must be true).
 * `device_name` - (Optional) Name with which attached disk will be accessible
     under `/dev/disk/by-id/`
 
+* `disk_encryption_key_raw` - (Optional) A 256-bit [customer-supplied encryption key]
+    (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption),
+    encoded in [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
+    to encrypt this disk.
+
 The `network_interface` block supports:
 
 * `network` - (Optional) The name or self_link of the network to attach this interface to.
@@ -204,3 +209,7 @@ exported:
 * `network_interface.0.address` - The internal ip address of the instance, either manually or dynamically assigned.
 
 * `network_interface.0.access_config.0.assigned_nat_ip` - If the instance has an access config, either the given external ip (in the `nat_ip` field) or the ephemeral (generated) ip (if you didn't provide one).
+
+* `disk.0.disk_encryption_key_sha256` - The [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
+    encoded SHA-256 hash of the [customer-supplied encryption key]
+    (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption) that protects this resource.
\ No newline at end of file