diff --git a/docs/resources/google_container_node_pool.md b/docs/resources/google_container_node_pool.md
index ce6e8da4b..49a7199e6 100644
--- a/docs/resources/google_container_node_pool.md
+++ b/docs/resources/google_container_node_pool.md
@@ -52,6 +52,12 @@ end
       its('initial_node_count'){should eq 3}
     end
 
+### Test GCP container node pool boot disk kms key is as expected
+
+    describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
+      its('config.boot_disk_kms_key'){should eq "projects/1234567890/locations/europe-west2-a/keyRings/inspec-gcp-kube-cluster-keyring/cryptoKeys/inspec-gcp-kube-cluster-key"}
+    end
+
 ## Properties
 Properties that can be accessed from the `google_container_node_pool` resource:
 
@@ -111,6 +117,8 @@ Properties that can be accessed from the `google_container_node_pool` resource:
         * GCE_METADATA
         * GKE_METADATA
 
+    * `boot_disk_kms_key`: The Cloud KMS key to use for the boot disk attached to each node in the node pool.
+
   * `initial_node_count`: The initial node count for the pool. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota.
 
   * `status`: Status of nodes in this pool instance
diff --git a/libraries/google/container/property/nodepool_config.rb b/libraries/google/container/property/nodepool_config.rb
index 6742578cf..29efa1ff6 100644
--- a/libraries/google/container/property/nodepool_config.rb
+++ b/libraries/google/container/property/nodepool_config.rb
@@ -53,6 +53,8 @@ class NodePoolConfig
 
         attr_reader :workload_meta_config
 
+        attr_reader :boot_disk_kms_key
+
         def initialize(args = nil, parent_identifier = nil)
           return if args.nil?
           @parent_identifier = parent_identifier
@@ -72,6 +74,7 @@ def initialize(args = nil, parent_identifier = nil)
           @taints = GoogleInSpec::Container::Property::NodePoolConfigTaintsArray.parse(args['taints'], to_s)
           @shielded_instance_config = GoogleInSpec::Container::Property::NodePoolConfigShieldedInstanceConfig.new(args['shieldedInstanceConfig'], to_s)
           @workload_meta_config = GoogleInSpec::Container::Property::NodePoolConfigWorkloadMetaConfig.new(args['workloadMetadataConfig'], to_s)
+          @boot_disk_kms_key = args['bootDiskKmsKey']
         end
 
         def to_s