Remediation

Currently there is no way to update the encryption of an existing disk. Therefore you should create a new disk with Encryption set to Customer supplied.

From Google Cloud Console

Go to Compute Engine Disks by visiting: https://console.cloud.google.com/compute/disks.
Click CREATE DISK.
Set Encryption type to Customer supplied,
Provide the Key in the box.
Select Wrapped key.
Click Create.

From Google Cloud CLI

In the gcloud compute tool, encrypt a disk using the --csek-key-file flag during instance creation. If you are using an RSA-wrapped key, use the gcloud beta component:

gcloud compute instances create {{instance-name}} \
    --csek-key-file {{example-file.json}}

To encrypt a standalone persistent disk:

gcloud compute disks create {{disk-name}} \
    --csek-key-file {{example-file.json}}

From Google Cloud Console​

From Google Cloud CLI​

From Google Cloud Console

From Google Cloud CLI