Before you can start with virtual machine encryption tasks, you must set up the standard key provider. That task includes adding the key provider and establishing trust with the Key Management Server (KMS). When you add a key provider, you are prompted to make it the default. You can explicitly change the default key provider. vCenter Server provisions keys from the default key provider.

What was previously called a Key Management Server cluster in vSphere 6.5 and 6.7 is now called a key provider.

Note: If you are configuring a trusted key provider for vSphere Trust Authority, see Configuring vSphere Trust Authority in Your vSphere Environment instead of these instructions.

The Key Management Server must support the Key Management Interoperability Protocol (KMIP) 1.1 standard. See the vSphere Compatibility Matrices for details.
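One way to check the KMIP 1.1 requirement against a server's own answer, as an added example that is not VMware code: KMIP defines a Discover Versions operation whose response payload lists the protocol versions the server supports, encoded as TTLV (3-byte tag, 1-byte type, 4-byte length, value padded to 8 bytes). The function names and the sample payloads below are constructed for illustration, and the code assumes you have already captured the Response Payload bytes from the KMS.

```python
import struct

# Tags and item types from the KMIP specification's TTLV encoding.
PROTOCOL_VERSION, VERSION_MAJOR, VERSION_MINOR = 0x420069, 0x42006A, 0x42006B
RESPONSE_PAYLOAD = 0x42007C
STRUCTURE, INTEGER = 0x01, 0x02

def parse_ttlv(buf):
    """Decode TTLV items into (tag, value) pairs; Structures become nested lists."""
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated TTLV header")
        tag = int.from_bytes(buf[pos:pos + 3], "big")
        typ, length = buf[pos + 3], struct.unpack(">I", buf[pos + 4:pos + 8])[0]
        end = pos + 8 + (length + 7) // 8 * 8  # values are padded to 8 bytes
        if end > len(buf):
            raise ValueError("TTLV value runs past end of buffer")
        value = buf[pos + 8:pos + 8 + length]
        if typ == STRUCTURE:
            value = parse_ttlv(value)
        elif typ == INTEGER and length == 4:
            value = struct.unpack(">i", value)[0]
        items.append((tag, value))  # other types are kept as raw bytes
        pos = end
    return items

def supported_versions(payload):
    """Return the (major, minor) pairs listed in a Discover Versions Response Payload."""
    versions = set()
    for tag, children in parse_ttlv(payload):
        if tag == RESPONSE_PAYLOAD and isinstance(children, list):
            for child_tag, fields in children:
                if child_tag == PROTOCOL_VERSION:
                    f = dict(fields)
                    versions.add((f[VERSION_MAJOR], f[VERSION_MINOR]))
    return versions

def supports_kmip_1_1(payload):
    return (1, 1) in supported_versions(payload)

# Constructed sample payloads (not captured from a real KMS).
def ttlv_item(tag, typ, body):
    head = tag.to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", len(body))
    return head + body + b"\0" * (-len(body) % 8)

def version_item(major, minor):
    pairs = ((VERSION_MAJOR, major), (VERSION_MINOR, minor))
    ints = [ttlv_item(t, INTEGER, struct.pack(">i", v)) for t, v in pairs]
    return ttlv_item(PROTOCOL_VERSION, STRUCTURE, b"".join(ints))

SAMPLE_COMPLIANT = ttlv_item(RESPONSE_PAYLOAD, STRUCTURE,
                             version_item(1, 2) + version_item(1, 1) + version_item(1, 0))
SAMPLE_NO_1_1 = ttlv_item(RESPONSE_PAYLOAD, STRUCTURE, version_item(2, 0))
```

An empty payload is a valid answer and means the server shares no version with the request, so it fails the check as well.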

You can find information about VMware certified KMS vendors in the VMware Compatibility Guide under Platform and Compute. If you select Compatibility Guides, you can open the Key Management Server (KMS) compatibility documentation. This documentation is updated frequently.