By default, Compute Engine encrypts all data at rest. Compute Engine handles and manages this encryption for you without any additional actions on your part.
disk_encryption_key block is included in the resource declaration then it must include a
Encryption of disk using unmanaged keys.
Enable encryption using a customer-managed key.
The following example will fail the google-compute-disk-encryption-customer-keys check.
The following example will pass the google-compute-disk-encryption-customer-keys check.