diff --git a/modules/artifact-registry/README.md b/modules/artifact-registry/README.md
index b782c0688..6e3d0340c 100644
--- a/modules/artifact-registry/README.md
+++ b/modules/artifact-registry/README.md
@@ -13,7 +13,7 @@ module "docker_artifact_registry" {
 location = "europe-west1"
 format = "DOCKER"
 id = "myregistry"
- iam = {
+ iam = {
 "roles/artifactregistry.admin" = ["group:cicd@example.com"]
 }
 }
@@ -28,6 +28,7 @@ module "docker_artifact_registry" {
 | [id](variables.tf#L35) | Repository id. | string | ✓ | |
 | [project_id](variables.tf#L52) | Registry project id. | string | ✓ | |
 | [description](variables.tf#L17) | An optional description for the repository. | string | | "Terraform-managed registry" |
+| [encryption_key](variables.tf#L57) | The KMS key name to use for encryption at rest. | string | | null |
 | [format](variables.tf#L23) | Repository format. One of DOCKER or UNSPECIFIED. | string | | "DOCKER" |
 | [iam](variables.tf#L29) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
 | [labels](variables.tf#L40) | Labels to be attached to the registry. | map(string) | | {} |
diff --git a/modules/artifact-registry/main.tf b/modules/artifact-registry/main.tf
index 8b01e0961..814aaba14 100644
--- a/modules/artifact-registry/main.tf
+++ b/modules/artifact-registry/main.tf
@@ -22,6 +22,7 @@ resource "google_artifact_registry_repository" "registry" {
 format = var.format
 labels = var.labels
 repository_id = var.id
+ kms_key_name = var.encryption_key
 }
 resource "google_artifact_registry_repository_iam_binding" "bindings" {
diff --git a/modules/artifact-registry/variables.tf b/modules/artifact-registry/variables.tf
index 907ee976b..8fcd2c4d2 100644
--- a/modules/artifact-registry/variables.tf
+++ b/modules/artifact-registry/variables.tf
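Review bot: The added `kms_key_name = var.encryption_key` line in main.tf turns on CMEK without recording what has to be in place first: the Artifact Registry service agent needs `roles/cloudkms.cryptoKeyEncrypterDecrypter` on the key, and the key must live in the same location as the repository, otherwise creation fails. The provider documents this field as not changeable after creation, so setting or changing it on an existing registry would presumably force a replacement of the repository and its stored images. I would add a comment above the line, `# CMEK key; immutable after creation, AR service agent needs cryptoKeyEncrypterDecrypter on it`, and repeat both points next to the new README row. The resource block starts above the hunk, so any existing lifecycle settings are not visible here.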
@@ -53,3 +53,9 @@ variable "project_id" {
 description = "Registry project id."
 type = string
 }
+
+variable "encryption_key" {
+ description = "The KMS key name to use for encryption at rest."
+ type = string
+ default = null
+}
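Review bot: The description of `encryption_key` does not say what form the value takes, so a short key name or a key version id would only be rejected at apply time. I would change it to `description = "The KMS key resource name to use for encryption at rest, in the form projects/PROJECT/locations/LOCATION/keyRings/RING/cryptoKeys/KEY."` and update the README table row to match. The variable is also appended after `project_id`, while the line anchors in the README suggest the other variables are kept in alphabetical order; placing it after `description` would keep that order.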