You can configure the trusted key provider by using the vSphere Client.

Procedure

  1. Connect to vCenter Server of the Trusted Cluster by using the vSphere Client.
  2. Log in as the vCenter Server administrator, or an administrator that has the Cryptographic operations.Manage key servers privilege.
  3. Select the vCenter Server, then select Configure.
  4. Select Key Providers under Security.
  5. Select Add Trusted Key Providers.
    The trusted key providers that are available are shown with a status of Connected.
  6. Select a trusted key provider and click Add Key Providers.
    The trusted key provider is shown as Trusted and Connected. If this is the first trusted key provider that you add, it is marked as the default.

Results

ESXi Trusted Hosts can now perform cryptographic operations, such as creating encrypted virtual machines.

What to do next

Encrypting a virtual machine with a trusted key provider looks the same as the virtual machine encryption user experience that was first delivered in vSphere 6.5. See Use Encryption in Your vSphere Environment.