You can decrypt a virtual machine by changing its storage policy.

All encrypted virtual machines require encrypted vMotion. During virtual machine decryption, the Encrypted vMotion setting remains. To change this setting so that Encrypted VMotion is no longer used, change the setting explicitly.

This task explains how to perform decryption using storage policies. For virtual disks, you can also perform decryption using the Edit Settings menu.


  • The virtual machine must be encrypted.

  • The virtual machine must be powered off or in maintenance mode.

  • Required privileges: Cryptographic operations > Decrypt


  1. Connect to vCenter Server by using the vSphere Web Client.
  2. Right-click the virtual machine that you want to change and select VM Policies > Edit VM Storage Policies..

    You can set the storage policy for the virtual machine files, represented by VM home, and the storage policy for virtual disks.

  3. Select a storage policy from the drop-down menu.
    • To decrypt the virtual machine and its hard disks, click Apply to all.

    • To decrypt a virtual disk but not the virtual machine, select a storage policy for the virtual disk from the drop-down menu in the table. Do not change the policy for VM Home.

    You cannot decrypt the virtual machine and leave the disk encrypted.

  4. Click OK.
  5. (Optional) You can now change the Encrypted VMotion setting.
    1. Right-click the virtual machine and click Edit Settings.
    2. Click VM Options, and open Encryption.
    3. Set the Encrypted vMotion value.