diff --git a/README.md b/README.md
index 8d3d79ad..7ebc0f45 100644
--- a/README.md
+++ b/README.md
@@ -411,7 +411,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
 | <a name="input_enable_irsa"></a> [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no |
 | <a name="input_enable_kms_key_rotation"></a> [enable\_kms\_key\_rotation](#input\_enable\_kms\_key\_rotation) | Specifies whether key rotation is enabled | `bool` | `true` | no |
 | <a name="input_enabled_log_types"></a> [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | <pre>[<br/>  "audit",<br/>  "api",<br/>  "authenticator"<br/>]</pre> | no |
-| <a name="input_encryption_config"></a> [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | <pre>object({<br/>    provider_key_arn = optional(string)<br/>    resources        = optional(list(string), ["secrets"])<br/>  })</pre> | `{}` | no |
+| <a name="input_encryption_config"></a> [encryption\_config](#input\_encryption\_config) | Configuration block with encryption configuration for the cluster | <pre>object({<br/>    provider_key_arn = optional(string)<br/>    resources        = optional(list(string))<br/>  })</pre> | <pre>{<br/>  "resources": [<br/>    "secrets"<br/>  ]<br/>}</pre> | no |
 | <a name="input_encryption_policy_description"></a> [encryption\_policy\_description](#input\_encryption\_policy\_description) | Description of the cluster encryption policy created | `string` | `"Cluster encryption policy to allow cluster role to utilize CMK provided"` | no |
 | <a name="input_encryption_policy_name"></a> [encryption\_policy\_name](#input\_encryption\_policy\_name) | Name to use on cluster encryption policy created | `string` | `null` | no |
 | <a name="input_encryption_policy_path"></a> [encryption\_policy\_path](#input\_encryption\_policy\_path) | Cluster encryption policy path | `string` | `null` | no |
diff --git a/variables.tf b/variables.tf
index d8ade28a..81211a8e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -165,9 +165,11 @@ variable "encryption_config" {
   description = "Configuration block with encryption configuration for the cluster"
   type = object({
     provider_key_arn = optional(string)
-    resources        = optional(list(string), ["secrets"])
+    resources        = optional(list(string))
   })
-  default = {}
+  default = {
+    resources = ["secrets"]
+  }
 }
 
 variable "attach_encryption_policy" {