As a tenant, refer to the content in this chapter to learn how to configure and manage encryption with VMware Cloud Director Encryption Management.
Encrypting objects in VDCs
Set up key provider
You set up your key provider for encryption by authenticating to it with your credentials and setting up an encryption key.
Prerequisites
- You have a third-party key provider account and access to the key provider credentials.
- Your cloud provider has already registered and published the key provider to your organization.
- You have a tenant role that grants you the right to configure key providers.
Procedure
Results
All encrypted objects in the selected organization VDCs are re-encrypted in the background with the selected encryption key. All newly created objects in the VDCs will also be encrypted with the encryption key.
Configure virtual data center encryption
You can encrypt virtual data centers (VDCs) without an associated key provider or override the encryption of already encrypted VDCs.
Procedure
Results
The encryption process runs in the background, re-encrypting all affected objects with the specified key.
Change virtual data center encryption key
You can change the encryption key of an encrypted virtual data center (VDC).
Procedure
- On the top navigation bar, click .
- Click the name of the key provider you want to use.
- Next to the VDC, click the vertical-ellipsis icon and click Change Key.
- To generate a new key in your key provider, click GENERATE KEY. Alternatively, paste the ID of a pre-generated key.
- Confirm that you want to perform the operation and click SUBMIT.
Results
The encryption process runs in the background, re-encrypting all affected objects with the specified key.
Deactivate virtual data center encryption
You can deactivate the encryption of a virtual data center (VDC) by removing the key used for encryption.
Prerequisites
vSphere must either be configured with a default key provider or there must be no encrypted objects in the VDC. If no default key provider is configured and there are encrypted objects in that VDC, you cannot deactivate the VDC encryption. For more information, refer to the vSphere Documentation.
Procedure
- On the top navigation bar, click .
- Click the name of the key provider used to encrypt the VDC you want to manage.
- Next to the VDC, click the vertical-ellipsis icon and click Remove Key From Org VDC.
- Move the slider to the right, review the information, and click UNREGISTER.
Results
The process runs in the background, re-encrypting all affected objects with the default key provider configured in vSphere.