You can decrypt a virtual machine, its disks, or both, by changing the storage policy.

This task describes how to decrypt an encrypted virtual machine using either the vSphere Client (HTML5-based client) or the vSphere Web Client.

All encrypted virtual machines require encrypted vMotion. During virtual machine decryption, the Encrypted vMotion setting remains. To change this setting so that Encrypted vMotion is no longer used, change the setting explicitly.

This task explains how to perform decryption using storage policies. For virtual disks, you can also perform decryption using the Edit Settings menu.

Prerequisites

  • The virtual machine must be encrypted.
  • The virtual machine must be powered off or in maintenance mode.
  • Required privileges: Cryptographic operations.Decrypt

Procedure

  1. Connect to vCenter Server by using either the vSphere Client (HTML5-based client) or the vSphere Web Client.
  2. Right-click the virtual machine that you want to change and select VM Policies > Edit VM Storage Policies.
    You can set the storage policy for the virtual machine files, represented by VM home, and the storage policy for virtual disks.
  3. Select a storage policy.
    • vSphere Client (HTML5-based client):
      • To decrypt the VM and its hard disks, toggle off Configure per disk, select a storage policy from the drop-down menu, and click OK.
      • To decrypt a virtual disk but not the virtual machine, toggle on Configure per disk, select the encryption storage policy for VM Home and other storage policies for the virtual disks, and click OK.
    • vSphere Web Client:
      • To decrypt the virtual machine and its hard disks, select a storage policy from the drop-down menu, click Apply to all, and click OK.
      • To decrypt a virtual disk but not the virtual machine, select a storage policy for the virtual disk from the drop-down menu in the table. Do not change the policy for VM Home. Click OK.
    You cannot decrypt the virtual machine and leave the disk encrypted.
  4. If you prefer, you can use the vSphere Client (HTML5-based client) to decrypt the virtual machine and disks from the Edit Settings menu.
    1. Right-click the virtual machine and select Edit Settings.
    2. Select the VM Options tab and expand Encryption.
    3. To decrypt the VM and its hard disks, choose None from the Encrypt VM drop-down menu.
    4. To decrypt a virtual disk but not the virtual machine, deselect the disk.
    5. Click OK.
  5. (Optional) You can change the Encrypted vMotion setting.
    1. Right-click the virtual machine and click Edit Settings.
    2. Click VM Options, and open Encryption.
    3. Set the Encrypted vMotion value.