A few months ago Google added the ability to use customer-supplied encryption in GCE. It would be good if Terraform offered an encryption parameter in the google_compute_instance and google_compute_disk resources.
Disclaimer: I use the Google provider a lot, but I neither work for Google nor am I a Terraform committer.
It's still a beta feature. To access it, Terraform would have to use the beta gcloud Go SDK. gcloud resources refer to each other by self_link (basically, a URL pointing to the resource). Contrast that with AWS resources, which reference each other by name. The self_link generated by any users of a beta SDK would have a different URL than non-beta resources. For example, use of the beta SDK for compute instances to get this feature would cause google_compute_instance's self_link attribute to change, and that would cause resources that use that attribute to be marked dirty even with zero changes to the Terraform files. Then, when the feature moves from beta to general availability, any resources that depend on it would again become tainted by the URL change by going back to the release SDK. The schema would have to account for this via versioning and various transition functions.
What I'm saying is, even if it's a trivial change to map a single resource attribute to a single field in a map passed to the SDK, use of the beta SDK itself has widespread ramifications.
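Added example, not part of the thread and not the Terraform provider's own code: a small Go sketch of the self_link problem described in the comment above, showing that the v1 and beta URLs for one instance differ as strings and how a comparison that ignores the API version segment treats them as the same resource. The function names and the project, zone and instance names are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// relativeSelfLink strips the scheme, host and API version ("v1", "beta")
// from a Compute Engine self_link, leaving the "projects/..." part.
func relativeSelfLink(link string) (string, error) {
	u, err := url.Parse(link)
	if err != nil {
		return "", err
	}
	// Expected path shape: /compute/<version>/projects/<project>/...
	parts := strings.SplitN(strings.TrimPrefix(u.Path, "/"), "/", 3)
	if len(parts) != 3 || parts[0] != "compute" || !strings.HasPrefix(parts[2], "projects/") {
		return "", fmt.Errorf("not a compute self_link: %q", link)
	}
	return parts[2], nil
}

// sameResource reports whether two self_links name the same resource,
// regardless of which API version produced them.
func sameResource(a, b string) bool {
	ra, errA := relativeSelfLink(a)
	rb, errB := relativeSelfLink(b)
	return errA == nil && errB == nil && ra == rb
}

func main() {
	// Constructed sample values; all names are placeholders.
	base := "/projects/example-project/zones/us-central1-a/instances/example-vm"
	v1 := "https://www.googleapis.com/compute/v1" + base
	beta := "https://www.googleapis.com/compute/beta" + base

	// A plain string diff sees a change even though nothing was modified.
	fmt.Println("string equal: ", v1 == beta)
	// A version-insensitive comparison does not.
	fmt.Println("same resource:", sameResource(v1, beta))
}
```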
Hey, @klenje, I agree with @billf and will tag this issue as upstream to revisit when this API reaches v1.
Hi there, CSEK (customer-supplied encryption key) has been generally available since 2016/08/01.
Looks like this issue was addressed in #11167.
Yes, this is done.
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.