diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e89ac0..581a77c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-----
+### Added
+
+- Added `encrypted` boolean flag to Storage for encryption at rest support
 
 ## [2.5.1] - 2023-09-19
 
diff --git a/docs/Storage.md b/docs/Storage.md
index 6074e76..3aa635e 100644
--- a/docs/Storage.md
+++ b/docs/Storage.md
@@ -51,7 +51,8 @@ storage1 = manager.create_storage(
     zone='fi-hel1',
     size=10,
     tier="maxiops",
-    title="my storage disk"
+    title="my storage disk",
+    encrypted=False
 )
 
 storage2 = manager.create_storage(zone='de-fra1', size=100)
diff --git a/test/json_data/storage_01d4fcd4-e446-433b-8a9c-551a1284952e.json b/test/json_data/storage_01d4fcd4-e446-433b-8a9c-551a1284952e.json
index cc62d8d..e6e5f4f 100644
--- a/test/json_data/storage_01d4fcd4-e446-433b-8a9c-551a1284952e.json
+++ b/test/json_data/storage_01d4fcd4-e446-433b-8a9c-551a1284952e.json
@@ -5,6 +5,7 @@
 		"backups" : {
 			"backup" : []
 			},
+        "encrypted": "yes",
         "labels": [
             {
                 "key": "role",
diff --git a/test/json_data/storage_post.json b/test/json_data/storage_post.json
index 33cec53..856bc65 100644
--- a/test/json_data/storage_post.json
+++ b/test/json_data/storage_post.json
@@ -5,6 +5,7 @@
         "backups": {
             "backup": []
         },
+        "encrypted": "yes",
         "labels": [
             {
                 "key": "role",
diff --git a/test/test_storage.py b/test/test_storage.py
index 76f1973..42c7640 100644
--- a/test/test_storage.py
+++ b/test/test_storage.py
@@ -31,9 +31,10 @@ def test_get_templates(self, manager):
     def test_storage_create(self, manager):
         Mock.mock_post("storage")
         storage = manager.create_storage(
-            zone="fi-hel1", size=666, tier="maxiops", title="My data collection"
+            zone="fi-hel1", encrypted=True, size=666, tier="maxiops", title="My data collection"
         )
         assert type(storage).__name__ == "Storage"
+        assert storage.encrypted
         assert storage.size == 666
         assert storage.tier == "maxiops"
         assert storage.title == "My data collection"
@@ -47,6 +48,7 @@ def test_clone_storage(self, manager):
         Mock.mock_post("storage/01d4fcd4-e446-433b-8a9c-551a1284952e/clone")
         cloned_storage = storage.clone('cloned-storage-test', 'fi-hel1')
         assert type(cloned_storage).__name__ == "Storage"
+        assert not cloned_storage.encrypted
         assert cloned_storage.size == 666
         assert cloned_storage.tier == "maxiops"
         assert cloned_storage.title == "cloned-storage-test"
diff --git a/upcloud_api/cloud_manager/storage_mixin.py b/upcloud_api/cloud_manager/storage_mixin.py
index 1e30c70..a049a08 100644
--- a/upcloud_api/cloud_manager/storage_mixin.py
+++ b/upcloud_api/cloud_manager/storage_mixin.py
@@ -45,6 +45,7 @@ def create_storage(
         size: int = 10,
         tier: str = 'maxiops',
         title: str = 'Storage disk',
+        encrypted: bool = False,
         *,
         backup_rule: Optional[dict] = None,
     ) -> Storage:
@@ -53,6 +54,9 @@ def create_storage(
         """
         if backup_rule is None:
             backup_rule = {}
+
+        encrypted_str = 'yes' if encrypted else 'no'
+
         body = {
             'storage': {
                 'size': size,
@@ -60,6 +64,7 @@ def create_storage(
                 'title': title,
                 'zone': zone,
                 'backup_rule': backup_rule,
+                'encrypted': encrypted_str,
             }
         }
         res = self.api.post_request('/storage', body)
diff --git a/upcloud_api/storage.py b/upcloud_api/storage.py
index 9771ef2..51e9ebb 100644
--- a/upcloud_api/storage.py
+++ b/upcloud_api/storage.py
@@ -21,6 +21,7 @@ class Storage(UpCloudResource):
     ATTRIBUTES = {
         'access': None,
         'address': None,
+        'encrypted': None,
         'labels': None,
         'license': None,
         'state': None,
@@ -55,12 +56,26 @@ def _reset(self, **kwargs) -> None:
         elif 'storage_size' in kwargs:
             self.size = kwargs['storage_size']
 
+        if kwargs.get('encrypted') == 'yes':
+            self.encrypted = True
+        else:
+            self.encrypted = False
+
         # send the rest to super._reset
 
         filtered_kwargs = {
             key: val
             for key, val in kwargs.items()
-            if key not in ['uuid', 'storage', 'title', 'storage_title', 'size', 'storage_size']
+            if key
+            not in [
+                'uuid',
+                'storage',
+                'title',
+                'storage_title',
+                'size',
+                'storage_size',
+                'encrypted',
+            ]
         }
         super()._reset(**filtered_kwargs)
 
@@ -153,6 +168,9 @@ def to_dict(self):
                 dict_labels.append(label.to_dict())
             body['labels'] = dict_labels
 
+        if hasattr(self, 'encrypted') and isinstance(self.encrypted, bool):
+            body['encrypted'] = "yes" if self.encrypted else "no"
+
         return body
 
     @staticmethod