diff --git a/changelogs/fragments/693-allow-discards.yaml b/changelogs/fragments/693-allow-discards.yaml
new file mode 100644
index 000000000..1afe193e9
--- /dev/null
+++ b/changelogs/fragments/693-allow-discards.yaml
@@ -0,0 +1,2 @@
+minor_changes:
+  - luks_device - add allow discards option (https://github.com/ansible-collections/community.crypto/pull/693).
diff --git a/plugins/modules/luks_device.py b/plugins/modules/luks_device.py
index f51eddd23..64c498706 100644
--- a/plugins/modules/luks_device.py
+++ b/plugins/modules/luks_device.py
@@ -293,13 +293,20 @@
     persistent:
         description:
             - "Allows the user to store options into container's metadata persistently and automatically use them next time.
-              Only O(perf_same_cpu_crypt), O(perf_submit_from_crypt_cpus), O(perf_no_read_workqueue), and O(perf_no_write_workqueue)
-              can be stored persistently."
+              Only O(perf_same_cpu_crypt), O(perf_submit_from_crypt_cpus), O(perf_no_read_workqueue), O(perf_no_write_workqueue),
+              and O(allow_discards) can be stored persistently."
             - "Will only work with LUKS2 containers."
             - "Will only be used when opening containers."
         type: bool
         default: false
         version_added: '2.3.0'
+    allow_discards:
+        description:
+            - "Allow discards (also known as TRIM) requests for device."
+            - "Will only be used when opening containers."
+        type: bool
+        default: false
+        version_added: '2.17.0'
 
 requirements:
     - "cryptsetup"
@@ -646,7 +653,7 @@ def run_luks_create(self, device, keyfile, passphrase, keyslot, keysize, cipher,
                              % (device, result[STDERR]))
 
     def run_luks_open(self, device, keyfile, passphrase, perf_same_cpu_crypt, perf_submit_from_crypt_cpus,
-                      perf_no_read_workqueue, perf_no_write_workqueue, persistent, name):
+                      perf_no_read_workqueue, perf_no_write_workqueue, persistent, allow_discards, name):
         args = [self._cryptsetup_bin]
         if keyfile:
             args.extend(['--key-file', keyfile])
@@ -660,6 +667,8 @@ def run_luks_open(self, device, keyfile, passphrase, perf_same_cpu_crypt, perf_s
             args.extend(['--perf-no_write_workqueue'])
         if persistent:
             args.extend(['--persistent'])
+        if allow_discards:
+            args.extend(['--allow-discards'])
         args.extend(['open', '--type', 'luks', device, name])
 
         result = self._run_command(args, data=passphrase)
@@ -983,6 +992,7 @@ def run_module():
         perf_no_read_workqueue=dict(type='bool', default=False),
         perf_no_write_workqueue=dict(type='bool', default=False),
         persistent=dict(type='bool', default=False),
+        allow_discards=dict(type='bool', default=False),
     )
 
     mutually_exclusive = [
@@ -1075,6 +1085,7 @@ def run_module():
                                     module.params['perf_no_read_workqueue'],
                                     module.params['perf_no_write_workqueue'],
                                     module.params['persistent'],
+                                    module.params['allow_discards'],
                                     name)
             except ValueError as e:
                 module.fail_json(msg="luks_device error: %s" % e)
diff --git a/tests/integration/targets/luks_device/tasks/tests/performance.yml b/tests/integration/targets/luks_device/tasks/tests/performance.yml
index 572625517..85f28ae4f 100644
--- a/tests/integration/targets/luks_device/tasks/tests/performance.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/performance.yml
@@ -15,6 +15,7 @@
         perf_no_read_workqueue: true
         perf_no_write_workqueue: true
         persistent: true
+        allow_discards: true
         pbkdf:
           iteration_time: 0.1
       check_mode: true
@@ -32,6 +33,7 @@
         perf_no_read_workqueue: true
         perf_no_write_workqueue: true
         persistent: true
+        allow_discards: true
       become: true
       register: create_open
     - name: Create and open (idempotent)
@@ -46,6 +48,7 @@
         perf_no_read_workqueue: true
         perf_no_write_workqueue: true
         persistent: true
+        allow_discards: true
       become: true
       register: create_open_idem
     - name: Create and open (idempotent, check)
@@ -60,6 +63,7 @@
         perf_no_read_workqueue: true
         perf_no_write_workqueue: true
         persistent: true
+        allow_discards: true
       check_mode: true
       become: true
       register: create_open_idem_check
@@ -80,6 +84,7 @@
           - "'no-write-workqueue' in luks_header.stdout"
           - "'same-cpu-crypt' in luks_header.stdout"
           - "'submit-from-crypt-cpus' in luks_header.stdout"
+          - "'allow-discards' in luks_header.stdout"
 
     - name: Dump device mapper table
       command: "dmsetup table {{ create_open.name }}"
@@ -91,6 +96,7 @@
           - "'no_write_workqueue' in dm_table.stdout"
           - "'same_cpu_crypt' in dm_table.stdout"
           - "'submit_from_crypt_cpus' in dm_table.stdout"
+          - "'allow_discards' in dm_table.stdout"
 
     - name: Closed and Removed
       luks_device: