diff --git a/internal/rbd/rbd_util.go b/internal/rbd/rbd_util.go
index e33f72523..edfe4e2b4 100644
--- a/internal/rbd/rbd_util.go
+++ b/internal/rbd/rbd_util.go
@@ -1024,10 +1024,17 @@ func genSnapFromSnapID(
 			rbdSnap, err)
 	}
 
-	if imageAttributes.KmsID != "" {
+	if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeBlock {
 		err = rbdSnap.configureBlockEncryption(imageAttributes.KmsID, secrets)
 		if err != nil {
-			return fmt.Errorf("failed to configure encryption for "+
+			return fmt.Errorf("failed to configure block encryption for "+
+				"%q: %w", rbdSnap, err)
+		}
+	}
+	if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
+		err = rbdSnap.configureFileEncryption(imageAttributes.KmsID, secrets)
+		if err != nil {
+			return fmt.Errorf("failed to configure file encryption for "+
 				"%q: %w", rbdSnap, err)
 		}
 	}
@@ -1119,12 +1126,18 @@ func generateVolumeFromVolumeID(
 	rbdVol.ImageID = imageAttributes.ImageID
 	rbdVol.Owner = imageAttributes.Owner
 
-	if imageAttributes.KmsID != "" {
+	if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeBlock {
 		err = rbdVol.configureBlockEncryption(imageAttributes.KmsID, secrets)
 		if err != nil {
 			return rbdVol, err
 		}
 	}
+	if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
+		err = rbdVol.configureFileEncryption(imageAttributes.KmsID, secrets)
+		if err != nil {
+			return rbdVol, err
+		}
+	}
 	// convert the journal pool ID to name, for use in DeleteVolume cases
 	if imageAttributes.JournalPoolID >= 0 {
 		rbdVol.JournalPool, err = util.GetPoolName(rbdVol.Monitors, cr, imageAttributes.JournalPoolID)
diff --git a/internal/rbd/snapshot.go b/internal/rbd/snapshot.go
index c5f0a0bdf..e793d3e01 100644
--- a/internal/rbd/snapshot.go
+++ b/internal/rbd/snapshot.go
@@ -112,6 +112,7 @@ func generateVolFromSnap(rbdSnap *rbdSnapshot) *rbdVolume {
 	// snapshot will have the same volumeID which cases the panic in
 	// copyEncryptionConfig function.
 	vol.blockEncryption = rbdSnap.blockEncryption
+	vol.fileEncryption = rbdSnap.fileEncryption
 
 	return vol
 }