A standard key provider can perform VM encryption tasks.
Standard Key Provider
In vSphere, a standard key provider gets encryption keys directly from a key server, and vCenter Server distributes the keys to the required ESXi hosts. You can add separate standard key providers for different users and set one as the default standard key provider.
vSphere Standard Key Provider Requirements
vSphere 6.5 or later
An external key server (KMS)
The Key Management Server (KMS) must support the Key Management Interoperability Protocol (KMIP) 1.1 standard. Information about VMware certified KMS vendors can be found in the VMware Compatibility Guide, under Platform and Compute. Under the Compatibility Guides menu, select the Key Management Server (KMS) compatibility documentation. This documentation is updated frequently.
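The KMIP 1.1 requirement can be checked against what a key server advertises before it is registered as a standard key provider. The following Python is an added example, not VMware code: it parses the TTLV-encoded Response Payload of a KMIP Discover Versions reply and tests whether version 1.1 is listed. It assumes the payload item has already been extracted from the response message; the function names and sample payloads are constructed for illustration.

```python
import struct

# TTLV tags and item types as defined in the KMIP specification.
TAG_PROTOCOL_VERSION, TAG_MAJOR, TAG_MINOR = 0x420069, 0x42006A, 0x42006B
TAG_RESPONSE_PAYLOAD = 0x42007C
TYPE_STRUCTURE, TYPE_INTEGER = 0x01, 0x02


def ttlv(tag, item_type, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8 bytes."""
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(value))
    return header + value + b"\x00" * (-len(value) % 8)


def parse_ttlv(buf):
    """Yield (tag, item_type, value) for each item in buf, rejecting truncated input."""
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < 8:
            raise ValueError("truncated TTLV header")
        tag, item_type = int.from_bytes(buf[offset:offset + 3], "big"), buf[offset + 3]
        (length,) = struct.unpack(">I", buf[offset + 4:offset + 8])
        end = offset + 8 + length
        if end > len(buf):
            raise ValueError("TTLV length runs past the buffer")
        yield tag, item_type, buf[offset + 8:end]
        offset = end + (-length % 8)  # skip padding to the next 8-byte boundary


def advertised_versions(payload):
    """Return [(major, minor), ...] from a Discover Versions Response Payload item."""
    versions = []
    for tag, _, body in parse_ttlv(payload):
        if tag != TAG_RESPONSE_PAYLOAD:
            continue
        for vtag, _, vbody in parse_ttlv(body):
            if vtag == TAG_PROTOCOL_VERSION:
                f = {t: int.from_bytes(v, "big") for t, ty, v in parse_ttlv(vbody) if ty == TYPE_INTEGER}
                versions.append((f[TAG_MAJOR], f[TAG_MINOR]))
    return versions


def supports_kmip_1_1(payload):
    """True when the key server lists KMIP 1.1 among its supported versions."""
    return (1, 1) in advertised_versions(payload)


def version_item(major, minor):
    """Build a Protocol Version structure (used only for the constructed samples)."""
    fields = ttlv(TAG_MAJOR, TYPE_INTEGER, struct.pack(">i", major)) + ttlv(TAG_MINOR, TYPE_INTEGER, struct.pack(">i", minor))
    return ttlv(TAG_PROTOCOL_VERSION, TYPE_STRUCTURE, fields)


# Constructed sample payloads (not captured from a real key server).
SAMPLE_OK = ttlv(TAG_RESPONSE_PAYLOAD, TYPE_STRUCTURE, version_item(1, 4) + version_item(1, 1) + version_item(1, 0))
SAMPLE_V2_ONLY = ttlv(TAG_RESPONSE_PAYLOAD, TYPE_STRUCTURE, version_item(2, 1) + version_item(2, 0))
```

A key server that advertises only KMIP 2.x, as in `SAMPLE_V2_ONLY`, fails the check even though it is a newer protocol version.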
Standard Key Provider Privileges
Standard key providers use the Cryptographer privileges. See Cryptographic Operations Privileges.
Key Provider Considerations

| Key Provider | External Key Server Required? | Quick Setup? | Works Only with vSphere? |
|---|---|---|---|
| Standard key provider | Yes | No | No |
| Trusted key provider | Yes | No | No |
| vSphere Native Key Provider | No | Yes | Yes |