Google Compute instance VMs have disk encryption enabled by default to help protect data at-rest. It is recommended to use customer supplied keys which can be managed in the Cloud KMS environment. For more on encryption of Compute Engine disks, see the GCP documentation.
References:
https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
In GCP Console -
In Terraform -