scaleway
diff --git a/‎docs/resources/rdb_instance.md
+3 b/‎docs/resources/rdb_instance.md
+3
diff --git a/‎internal/services/rdb/instance.go
+12 b/‎internal/services/rdb/instance.go
+12
diff --git a/‎internal/services/rdb/instance_test.go
+88 b/‎internal/services/rdb/instance_test.go
+88
diff --git a/‎internal/services/rdb/testdata/instance-encryption-at-rest-false.cassette.yaml
+936 b/‎internal/services/rdb/testdata/instance-encryption-at-rest-false.cassette.yaml
+936
diff --git a/‎internal/services/rdb/testdata/instance-encryption-at-rest.cassette.yaml
+936 b/‎internal/services/rdb/testdata/instance-encryption-at-rest.cassette.yaml
+936
@@ -21,6 +21,7 @@ resource "scaleway_rdb_instance" "main" {
   disable_backup = true
   user_name      = "my_initial_user"
   password       = "thiZ_is_v&ry_s3cret"
+  encryption_at_rest = true
 }
 ```
 
@@ -168,6 +169,8 @@ interruption.
 - `project_id` - (Defaults to [provider](../index.md#arguments-reference) `project_id`) The ID of the project the Database
   Instance is associated with.
 
+- `encryption_at_rest` - (Optional) Enable or disable encryption at rest for the Database Instance.
+
 ### Backups
 
 - `disable_backup` - (Optional) Disable automated backup for the Database Instance.
 
@@ -302,6 +302,12 @@ func ResourceInstance() *schema.Resource {
 					},
 				},
 			},
+			"encryption_at_rest": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "Enable or disable encryption at rest for the database instance",
+			},
 			// Common
 			"region":          regional.Schema(),
 			"organization_id": account.OrganizationIDSchema(),
@@ -328,6 +334,9 @@ func ResourceRdbInstanceCreate(ctx context.Context, d *schema.ResourceData, m in
 		UserName:      d.Get("user_name").(string),
 		Password:      d.Get("password").(string),
 		VolumeType:    rdb.VolumeType(d.Get("volume_type").(string)),
+		Encryption: &rdb.EncryptionAtRest{
+			Enabled: d.Get("encryption_at_rest").(bool),
+		},
 	}
 
 	if initSettings, ok := d.GetOk("init_settings"); ok {
@@ -463,6 +472,9 @@ func ResourceRdbInstanceRead(ctx context.Context, d *schema.ResourceData, m inte
 	_ = d.Set("region", string(region))
 	_ = d.Set("organization_id", res.OrganizationID)
 	_ = d.Set("project_id", res.ProjectID)
+	if res.Encryption != nil {
+		_ = d.Set("encryption_at_rest", res.Encryption.Enabled)
+	}
 
 	// set user and password
 	if user, ok := d.GetOk("user_name"); ok {
 
@@ -1216,6 +1216,94 @@ func TestAccInstance_Endpoints(t *testing.T) {
 	})
 }
 
+func TestAccInstance_EncryptionAtRest(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	latestEngineVersion := rdbchecks.GetLatestEngineVersion(tt, postgreSQLEngineName)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      rdbchecks.IsInstanceDestroyed(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+					resource scaleway_rdb_instance main {
+						name               = "test-rdb-encryption"
+						node_type          = "db-dev-s"
+						engine             = %q
+						is_ha_cluster      = false
+						disable_backup     = true
+						user_name          = "my_initial_user"
+						password           = "thiZ_is_v&ry_s3cret"
+						encryption_at_rest = true
+						tags               = [ "terraform-test", "scaleway_rdb_instance", "encryption" ]
+					}
+				`, latestEngineVersion),
+				Check: resource.ComposeTestCheckFunc(
+					isInstancePresent(tt, "scaleway_rdb_instance.main"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "name", "test-rdb-encryption"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "node_type", "db-dev-s"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "engine", latestEngineVersion),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "is_ha_cluster", "false"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "disable_backup", "true"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "user_name", "my_initial_user"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "password", "thiZ_is_v&ry_s3cret"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "encryption_at_rest", "true"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "tags.0", "terraform-test"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "tags.1", "scaleway_rdb_instance"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "tags.2", "encryption"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccInstance_EncryptionAtRestFalse(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	latestEngineVersion := rdbchecks.GetLatestEngineVersion(tt, postgreSQLEngineName)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      rdbchecks.IsInstanceDestroyed(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+					resource scaleway_rdb_instance main {
+						name               = "test-rdb-no-encryption"
+						node_type          = "db-dev-s"
+						engine             = %q
+						is_ha_cluster      = false
+						disable_backup     = true
+						user_name          = "my_initial_user_no_enc"
+						password           = "thiZ_is_v&ry_s3cret"
+						encryption_at_rest = false
+						tags               = [ "terraform-test", "scaleway_rdb_instance", "no_encryption" ]
+					}
+				`, latestEngineVersion),
+				Check: resource.ComposeTestCheckFunc(
+					isInstancePresent(tt, "scaleway_rdb_instance.main"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "name", "test-rdb-no-encryption"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "node_type", "db-dev-s"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "engine", latestEngineVersion),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "is_ha_cluster", "false"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "disable_backup", "true"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "user_name", "my_initial_user_no_enc"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "password", "thiZ_is_v&ry_s3cret"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "encryption_at_rest", "false"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "tags.0", "terraform-test"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "tags.1", "scaleway_rdb_instance"),
+					resource.TestCheckResourceAttr("scaleway_rdb_instance.main", "tags.2", "no_encryption"),
+				),
+			},
+		},
+	})
+}
+
 func isInstancePresent(tt *acctest.TestTools, n string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]