diff --git a/.changelog/4771.txt b/.changelog/4771.txt
new file mode 100644
index 0000000000..9e18b5ac12
--- /dev/null
+++ b/.changelog/4771.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added support for setting `kms_key_name` on `google_compute_machine_image`
+```
diff --git a/google-beta/resource_compute_machine_image.go b/google-beta/resource_compute_machine_image.go
index 04d6223ca7..f34044f24a 100644
--- a/google-beta/resource_compute_machine_image.go
+++ b/google-beta/resource_compute_machine_image.go
@@ -77,6 +77,13 @@ instance from the image)`,
 MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
+ "kms_key_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ DiffSuppressFunc: compareCryptoKeyVersions,
+ Description: `The name of the encryption key that is stored in Google Cloud KMS.`,
+ },
 "kms_key_service_account": {
 Type: schema.TypeString,
 Optional: true,
@@ -91,11 +98,6 @@ If absent, the Compute Engine Service Agent service account is used.`,
 Description: `Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.`,
 },
- "kms_key_name": {
- Type: schema.TypeString,
- Computed: true,
- Description: `The name of the encryption key that is stored in Google Cloud KMS.`,
- },
 "sha256": {
 Type: schema.TypeString,
 Computed: true,
diff --git a/google-beta/resource_compute_machine_image_generated_test.go b/google-beta/resource_compute_machine_image_generated_test.go
index 2922cd8e9f..df08da0863 100644
--- a/google-beta/resource_compute_machine_image_generated_test.go
+++ b/google-beta/resource_compute_machine_image_generated_test.go
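Review bot: The description on the new `kms_key_name` entry does not say what the key must allow before the create succeeds, even though the example in this commit has to add a `depends_on` on a `roles/cloudkms.cryptoKeyEncrypterDecrypter` binding for the Compute Engine service agent to make it work, and it does not mention that the field is ForceNew. I would extend the description string to `The name of the encryption key that is stored in Google Cloud KMS. The Compute Engine service agent must be allowed to use the key (for example via roles/cloudkms.cryptoKeyEncrypterDecrypter) before the image is created; changing the key forces a new image.`. The `DiffSuppressFunc: compareCryptoKeyVersions` line presumably exists because the API reports the key with a version suffix, so a one-line comment above it saying so would save the next reader a lookup. The example binds the role at project scope; a binding on the crypto key itself (`google_kms_crypto_key_iam_member`) is the narrower grant and would be the better thing to document alongside this field. The enclosing schema map starts and ends outside the hunk.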
@@ -68,6 +68,78 @@ resource "google_compute_machine_image" "image" {
 `, context)
 }
+func TestAccComputeMachineImage_computeMachineImageKmsExample(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "random_suffix": randString(t, 10),
+ }
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProvidersOiCS,
+ CheckDestroy: testAccCheckComputeMachineImageDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccComputeMachineImage_computeMachineImageKmsExample(context),
+ },
+ },
+ })
+}
+
+func testAccComputeMachineImage_computeMachineImageKmsExample(context map[string]interface{}) string {
+ return Nprintf(`
+resource "google_compute_instance" "vm" {
+ provider = google-beta
+ name = "vm%{random_suffix}"
+ machine_type = "e2-medium"
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-9"
+ }
+ }
+
+ network_interface {
+ network = "default"
+ }
+}
+
+resource "google_compute_machine_image" "image" {
+ provider = google-beta
+ name = "image%{random_suffix}"
+ source_instance = google_compute_instance.vm.self_link
+ machine_image_encryption_key {
+ kms_key_name = google_kms_crypto_key.crypto_key.id
+ }
+ depends_on = [google_project_iam_member.kms-project-binding]
+}
+
+resource "google_kms_crypto_key" "crypto_key" {
+ provider = google-beta
+ name = "key%{random_suffix}"
+ key_ring = google_kms_key_ring.key_ring.id
+}
+
+resource "google_kms_key_ring" "key_ring" {
+ provider = google-beta
+ name = "keyring%{random_suffix}"
+ location = "us"
+}
+
+data "google_project" "project" {
+ provider = google-beta
+}
+
+resource "google_project_iam_member" "kms-project-binding" {
+ provider = google-beta
+ project = data.google_project.project.project_id
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com"
+}
+`, context)
+}
+
 func 
testAccCheckComputeMachineImageDestroyProducer(t *testing.T) func(s *terraform.State) error {
 return func(s *terraform.State) error {
 for name, rs := range s.RootModule().Resources {
diff --git a/google-beta/resource_dataflow_flex_template_job_test.go b/google-beta/resource_dataflow_flex_template_job_test.go
index df04d28bb0..0d037482e0 100644
--- a/google-beta/resource_dataflow_flex_template_job_test.go
+++ b/google-beta/resource_dataflow_flex_template_job_test.go
@@ -8,7 +8,7 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
- "google.golang.org/api/compute/v1"
+ compute "google.golang.org/api/compute/v1"
 )
 func TestAccDataflowFlexTemplateJob_basic(t *testing.T) {
diff --git a/website/docs/r/compute_machine_image.html.markdown b/website/docs/r/compute_machine_image.html.markdown
index 0961621988..51b540d883 100644
--- a/website/docs/r/compute_machine_image.html.markdown
+++ b/website/docs/r/compute_machine_image.html.markdown
@@ -66,6 +66,64 @@ resource "google_compute_machine_image" "image" {
 source_instance = google_compute_instance.vm.self_link
 }
 ```
+
+ + Open in Cloud Shell + +
+## Example Usage - Compute Machine Image Kms
+
+ ```hcl
+resource "google_compute_instance" "vm" {
+ provider = google-beta
+ name = "vm"
+ machine_type = "e2-medium"
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-9"
+ }
+ }
+
+ network_interface {
+ network = "default"
+ }
+}
+
+resource "google_compute_machine_image" "image" {
+ provider = google-beta
+ name = "image"
+ source_instance = google_compute_instance.vm.self_link
+ machine_image_encryption_key {
+ kms_key_name = google_kms_crypto_key.crypto_key.id
+ }
+ depends_on = [google_project_iam_member.kms-project-binding]
+}
+
+resource "google_kms_crypto_key" "crypto_key" {
+ provider = google-beta
+ name = "key"
+ key_ring = google_kms_key_ring.key_ring.id
+}
+
+resource "google_kms_key_ring" "key_ring" {
+ provider = google-beta
+ name = "keyring"
+ location = "us"
+}
+
+data "google_project" "project" {
+ provider = google-beta
+}
+
+resource "google_project_iam_member" "kms-project-binding" {
+ provider = google-beta
+ project = data.google_project.project.project_id
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com"
+}
+```
 ## Argument Reference
@@ -117,6 +175,7 @@ The `machine_image_encryption_key` block supports:
 customer-supplied encryption key that protects this resource.
 * `kms_key_name` -
+ (Optional)
 The name of the encryption key that is stored in Google Cloud KMS.
 * `kms_key_service_account` -