You can use Site Recovery Manager to protect and recover encrypted virtual machines with array-based protection groups, storage policy protection groups, and vSphere Replication protection groups.

Encryption protects not only your virtual machine but also virtual machine disks and other files. You set up a trusted connection between vCenter Server and a key management server (KMS). vCenter Server can then retrieve keys from the KMS as needed. You must use a KMS cluster registered with the same name on the protected and the recovery sites. For more information, see Set Up the KMS Cluster in the Administering VMware vSAN guide.

To perform a guest customization of encrypted virtual machines, Site Recovery Manager requires ESXi 6.5 or later.

For more information on virtual machine encryption, see Virtual Machine Encryption in the vSphere Security documentation.

For more information about storage policy protection groups and encrypted virtual machines, see Protect an Encrypted VM.

For more information about vSphere Replication and encrypted virtual machines, see Replicating Encrypted Virtual Machines in the vSphere Replication Administration documentation.