You can use the vSphere Client to restore the vSphere Native Key Provider.

You can restore a Native Key Provider in case it was accidentally deleted or if you must perform a disaster recovery.

When you restore a vSphere Native Key Provider, you do not need to back up the key provider again. The initial backup suffices. Continue to maintain the backup file in a secure location.


  • Required privilege: Cryptographic operations.Manage key servers
  • The key provider backup file.
  • The password for the key provider file, if you entered one when you backed up the key provider.


  1. Log in to the vCenter Server system with the vSphere Client.
  2. Browse the inventory list and select the vCenter Server instance.
  3. Click Configure, and under Security click Key Providers.
  4. Select the vSphere Native Key Provider and click Restore.
  5. Browse to the file location and select the backup encrypted key file.
    The file was saved in PKCS#12 format.
  6. (Optional) If the file is password protected, enter the password.
  7. Click Next.
  8. (Optional) If you decided to use this key provider only with TPM-protected ESXi hosts, select the check box.
  9. Click Finish.


The vSphere Native Key Provider is restored.