diff --git a/modules/artifact-registry/README.md b/modules/artifact-registry/README.md
index b782c068..26a9c3fb 100644
--- a/modules/artifact-registry/README.md
+++ b/modules/artifact-registry/README.md
@@ -25,13 +25,14 @@ module "docker_artifact_registry" {
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [id](variables.tf#L35) | Repository id. | <code>string</code> | ✓ |  |
-| [project_id](variables.tf#L52) | Registry project id. | <code>string</code> | ✓ |  |
+| [id](variables.tf#L41) | Repository id. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L58) | Registry project id. | <code>string</code> | ✓ |  |
 | [description](variables.tf#L17) | An optional description for the repository. | <code>string</code> |  | <code>&#34;Terraform-managed registry&#34;</code> |
-| [format](variables.tf#L23) | Repository format. One of DOCKER or UNSPECIFIED. | <code>string</code> |  | <code>&#34;DOCKER&#34;</code> |
-| [iam](variables.tf#L29) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [labels](variables.tf#L40) | Labels to be attached to the registry. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
-| [location](variables.tf#L46) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> |  | <code>null</code> |
+| [encryption_key](variables.tf#L23) | The KMS key name to use for encryption at rest. | <code>string</code> |  | <code>null</code> |
+| [format](variables.tf#L29) | Repository format. One of DOCKER or UNSPECIFIED. | <code>string</code> |  | <code>&#34;DOCKER&#34;</code> |
+| [iam](variables.tf#L35) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [labels](variables.tf#L46) | Labels to be attached to the registry. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
+| [location](variables.tf#L52) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> |  | <code>null</code> |
 
 ## Outputs
 
diff --git a/modules/artifact-registry/main.tf b/modules/artifact-registry/main.tf
index 8b01e096..814aaba1 100644
--- a/modules/artifact-registry/main.tf
+++ b/modules/artifact-registry/main.tf
@@ -22,6 +22,7 @@ resource "google_artifact_registry_repository" "registry" {
   format        = var.format
   labels        = var.labels
   repository_id = var.id
+  kms_key_name  = var.encryption_key
 }
 
 resource "google_artifact_registry_repository_iam_binding" "bindings" {
diff --git a/modules/artifact-registry/variables.tf b/modules/artifact-registry/variables.tf
index 907ee976..afdfa8d5 100644
--- a/modules/artifact-registry/variables.tf
+++ b/modules/artifact-registry/variables.tf
@@ -20,6 +20,12 @@ variable "description" {
   default     = "Terraform-managed registry"
 }
 
+variable "encryption_key" {
+  description = "The KMS key name to use for encryption at rest."
+  type        = string
+  default     = null
+}
+
 variable "format" {
   description = "Repository format. One of DOCKER or UNSPECIFIED."
   type        = string