Google Cloud Storage should be encrypted to protect sensitive information. It is considered best practice to encrypt data at-rest in any environment that supports it, especially as it is often required for certain compliance frameworks or industry regulations.
Encryption of Cloud Storage data at-rest is configured by default. To use a customer-managed key, follow the instructions below.
In GCP Console -
In Terraform -
References:
https://cloud.google.com/storage/docs/encryption
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#nested_encryption