When you create an encrypted virtual machine from the vSphere Web Client, any virtual disks that you add during virtual machine creation are encrypted. You can decrypt virtual disks that are encrypted by using the Edit VM Storage Policies option.

Note: An encrypted virtual machine can have virtual disks that are not encrypted. However, an unencrypted virtual machine cannot have encrypted virtual disks.

See Virtual Disk Encryption.

This task explains how to change the encryption policy using storage policies. You can also use the Edit Settings menu to make this change.


You must have the Cryptographic operations.Manage encryption policies privilege.


  1. Right-click the virtual machine in the vSphere Web Client and select VM Policies > Edit VM Storage Policies.
  2. Select the hard disk for which you want to change the storage policy, and select the policy that you want, for example Datastore Default.