You can use a standard key provider to perform virtual machine encryption tasks.

What Is a Standard Key Provider?

In vSphere, a standard key provider gets encryption keys directly from a key server, and the vCenter Server distributes the keys to the required ESXi hosts in a data center.

You can add separate standard key providers for different users and set the default standard key provider.

vSphere Standard Key Provider Requirements

  • vSphere 6.5 or later
  • An external key server (KMS)

The Key Management Server must support the Key Management Interoperability Protocol (KMIP) 1.1 standard. See the vSphere Compatibility Matrices for details.

You can find information about VMware certified KMS vendors in the VMware Compatibility Guide under Platform and Compute. If you select Compatibility Guides, you can open the Key Management Server (KMS) compatibility documentation. This documentation is updated frequently.

Standard Key Provider Privileges

Standard key providers use the Cryptographer.* privileges. See Cryptographic Operations Privileges.