You can delete a vSphere Native Key Provider from vCenter Server.
After you delete a vSphere Native Key Provider, virtual machines that have vTPMs or that are encrypted continue to run. If you reboot the ESXi host, its encrypted virtual machines enter a locked state. After you unregister these virtual machines, they enter a locked state when you try to re-register them. The only way to unlock the virtual machines is to restore the previous vSphere Native Key Provider.
Prerequisites
Required privilege:
Before you delete a vSphere Native Key Provider, rekey any encrypted virtual machines and datastores that were encrypted using that key provider to another key provider. Maintain a backup of the vSphere Native Key Provider in case you must rekey an encrypted virtual machine after deleting the key provider.
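One way to check the rekey prerequisite before deleting, as an added PowerCLI example that is not part of the original documentation: it lists virtual machines whose home files or virtual disks still reference the key provider. It assumes PowerCLI with an existing `Connect-VIServer` session; the provider name is a placeholder, the function names are hypothetical, and encrypted datastores are not covered.

```powershell
# Added example: pre-deletion check for a vSphere Native Key Provider.
# Assumes PowerCLI is loaded and Connect-VIServer has already been run.
$ProviderName = 'REPLACE-WITH-KEY-PROVIDER-NAME'   # placeholder, not a real name

function Test-KeyFromProvider {
    # True when a vSphere CryptoKeyId object references the named key provider.
    param($CryptoKeyId, [string]$Name)
    if ($null -eq $CryptoKeyId -or $null -eq $CryptoKeyId.ProviderId) { return $false }
    return $CryptoKeyId.ProviderId.Id -eq $Name
}

function Get-ProviderDependentVM {
    # Lists VMs (templates included) whose home files or disks use the provider.
    param([string]$Name)
    foreach ($vm in Get-View -ViewType VirtualMachine -Property Name, Config) {
        if ($null -eq $vm.Config) {
            # Inaccessible or orphaned VM: its key provider cannot be determined.
            Write-Warning "Cannot inspect '$($vm.Name)': no configuration available."
            continue
        }
        $devices = @($vm.Config.Hardware.Device)
        $disks = @($devices |
            Where-Object { $_ -is [VMware.Vim.VirtualDisk] -and
                           (Test-KeyFromProvider $_.Backing.KeyId $Name) } |
            ForEach-Object { $_.DeviceInfo.Label })
        $homeEncrypted = Test-KeyFromProvider $vm.Config.KeyId $Name
        if ($homeEncrypted -or $disks.Count -gt 0) {
            [pscustomobject]@{
                VM             = $vm.Name
                HomeEncrypted  = $homeEncrypted
                HasVtpm        = [bool]($devices | Where-Object { $_ -is [VMware.Vim.VirtualTPM] })
                EncryptedDisks = $disks -join ', '
            }
        }
    }
}

$dependents = @(Get-ProviderDependentVM -Name $ProviderName)
if ($dependents.Count -gt 0) {
    $dependents | Format-Table -AutoSize
    Write-Warning "$($dependents.Count) VM(s) still use '$ProviderName'. Rekey them before deleting it."
} else {
    Write-Output "No VM or virtual disk references '$ProviderName'."
}
```

Virtual machines reported with a warning could not be inspected, so an empty result does not cover them.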
Procedure
- Log in to the vCenter Server system with the vSphere Client.
- Browse the inventory list and select the vCenter Server instance.
- Click Configure, and under Security click Key Providers.
- Select the key provider you want to delete.
- Click Delete.
- Read the warning message and slide the slider all the way to the right.
- Click Delete.
Results
The vSphere Native Key Provider is removed from the vCenter Server.