diff --git a/test/e2e/testing-manifests/auth/encrypt/README.md b/test/e2e/testing-manifests/auth/encrypt/README.md
new file mode 100644
index 00000000000..27fb2e7d159
--- /dev/null
+++ b/test/e2e/testing-manifests/auth/encrypt/README.md
@@ -0,0 +1,46 @@
+# Encryption at rest testing manifests
+
+This directory contains manifests for testing encryption at rest with a [mock KMS provider](../../../../../staging/src/k8s.io/kms/internal/plugins/mock). The mock KMS provider is a fake KMS provider that does not communicate with any external KMS. It is used for testing purposes only.
+
+## run-e2e.sh
+
+The `run-e2e.sh` script does the following:
+
+1. Installs required prerequisites: [`kind`](https://sigs.k8s.io/kind) and [`kubetest2`](https://github.com/kubernetes-sigs/kubetest2).
+2. Builds the `e2e.test`, `ginkgo` and `kubectl` binaries.
+3. Creates local registry if not already present. This registry is used to push the kms mock plugin image.
+4. Build and push the kms mock plugin image to the local registry.
+5. Connect local registry to kind network so that kind cluster created using `kubetest2` in prow CI job can pull the kms mock plugin image.
+6. Create kind cluster using `kubetest2` and run e2e tests.
+7. Collect logs and metrics from kind cluster.
+8. Delete kind cluster.
+
+The script extracts runtime configurations through environment variables. The following environment variables are supported:
+
+| Variable              | Description                                                                     | Default |
+| --------------------- | ------------------------------------------------------------------------------- | ------- |
+| `SKIP_DELETE_CLUSTER` | If set to `true`, the kind cluster will not be deleted after the tests are run. | `false` |
+| `SKIP_RUN_TESTS`      | If set to `true`, the tests will not be run.                                    | `false` |
+| `SKIP_COLLECT_LOGS`   | If set to `true`, the logs and metrics will not be collected.                   | `false` |
+
+### Running the script locally
+
+Run the script locally with the following command:
+
+```bash
+test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
+```
+
+### Create a local cluster with mock KMS provider
+
+The `run-e2e.sh` script can be used to create a local cluster with mock KMS provider. The following command creates a local cluster with mock KMS provider:
+
+```bash
+SKIP_RUN_TESTS=true SKIP_DELETE_CLUSTER=true SKIP_COLLECT_LOGS=true test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
+```
+
+Delete the cluster after use:
+
+```bash
+kind delete cluster --name=kms
+```
diff --git a/test/e2e/testing-manifests/auth/encrypt/run-e2e.sh b/test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
index 64bf70ea8d2..3664ccb2634 100755
--- a/test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
+++ b/test/e2e/testing-manifests/auth/encrypt/run-e2e.sh
@@ -88,36 +88,46 @@ connect_registry(){
 create_cluster_and_run_test() {
     CLUSTER_CREATE_ATTEMPTED=true
 
+    TEST_ARGS=""
+    if [ "${SKIP_RUN_TESTS:-}" != "true" ]; then
+        # (--use-built-binaries) use the kubectl, e2e.test, and ginkgo binaries built during --build as opposed to from a GCS release tarball
+        TEST_ARGS="--test=ginkgo -- --v=5 --focus-regex=\[Conformance\] --skip-regex=\[Serial\] --parallel 20 --use-built-binaries"
+    else
+        echo "Skipping running tests"
+    fi
+
+    # shellcheck disable=SC2086
     kubetest2 kind -v 5 \
     --build \
     --up \
     --rundir-in-artifacts \
     --config test/e2e/testing-manifests/auth/encrypt/kind.yaml \
-    --cluster-name "${cluster_name}" \
-    --test=ginkgo \
-    -- \
-    --v=5 \
-    --focus-regex='\[Conformance\]' \
-    --skip-regex='\[Serial\]' \
-    --parallel 20 \
-    --use-built-binaries # use the kubectl, e2e.test, and ginkgo binaries built during --build as opposed to from a GCS release tarball
+    --cluster-name "${cluster_name}" ${TEST_ARGS}
 }
 
 cleanup() {
     # CLUSTER_CREATE_ATTEMPTED is true once we run kubetest2 kind --up
     if [ "${CLUSTER_CREATE_ATTEMPTED:-}" = true ]; then
-        # collect logs and metrics
-        echo "Collecting logs"
-        mkdir -p "${ARTIFACTS}/logs"
-        kind "export" logs "${ARTIFACTS}/logs" --name "${cluster_name}"
+        if [ "${SKIP_COLLECT_LOGS:-}" != "true" ]; then
+            # collect logs and metrics
+            echo "Collecting logs"
+            mkdir -p "${ARTIFACTS}/logs"
+            kind "export" logs "${ARTIFACTS}/logs" --name "${cluster_name}"
 
-        echo "Collecting metrics"
-        mkdir -p "${ARTIFACTS}/metrics"
-        kubectl get --raw /metrics > "${ARTIFACTS}/metrics/kube-apiserver-metrics.txt"
+            echo "Collecting metrics"
+            mkdir -p "${ARTIFACTS}/metrics"
+            kubectl get --raw /metrics > "${ARTIFACTS}/metrics/kube-apiserver-metrics.txt"
+        else
+            echo "Skipping collecting logs and metrics"
+        fi
 
-        echo "Deleting kind cluster"
-        # delete cluster
-        kind delete cluster --name "${cluster_name}"
+        if [ "${SKIP_DELETE_CLUSTER:-}" != "true" ]; then
+            echo "Deleting kind cluster"
+            # delete cluster
+            kind delete cluster --name "${cluster_name}"
+        else
+            echo "Skipping deleting kind cluster"
+        fi
     fi
 }