You can configure the trusted key provider by using the vSphere Client.
Prerequisites
- Enable the Trust Authority Administrator.
- Enable the Trust Authority State.
- Collect Information About ESXi Hosts and vCenter Server to Be Trusted.
- Import the Trusted Host Information to the Trust Authority Cluster.
- Create the Key Provider on the Trust Authority Cluster.
- Export the Trust Authority Cluster Information.
- Import the Trust Authority Cluster Information to the Trusted Hosts.
Procedure
- Connect to vCenter Server of the Trusted Cluster by using the vSphere Client.
- Log in as the vCenter Server administrator, or an administrator that has the privilege.
- Select the vCenter Server, then select Configure.
- Select Key Providers under Security.
- Select Add Trusted Key Providers.
The trusted key providers that are available are shown with a status of Connected.
- Select a trusted key provider and click Add Key Providers.
The trusted key provider is shown as Trusted and Connected. If this is the first trusted key provider that you add, it is marked as the default.
Note: It takes a while for all the hosts to be able to get the key provider, and for the vCenter Server to update its cache. Because of the way the information is propagated, you might have to wait for a few minutes to use the key provider for key operations on some of the hosts.
ESXi Trusted Hosts can now perform cryptographic operations, such as creating encrypted virtual machines.
What to do next
Encrypting a virtual machine with a trusted key provider looks the same as the virtual machine encryption user experience that was first delivered in vSphere 6.5. See Use Encryption in Your vSphere Environment.