You can use the vSphere Client to restore the vSphere Native Key Provider.

You can restore a vSphere Native Key Provider if it was accidentally deleted or if you must perform disaster recovery.

When you restore a vSphere Native Key Provider, you do not need to back up the key provider again. The initial backup suffices. Continue to maintain the backup file in a secure location.
Note: You can also use this task to configure vSphere Native Key Provider for vCenter Server systems in an Enhanced Linked Mode configuration. After you create the vSphere Native Key Provider on one vCenter Server system in the Enhanced Linked Mode configuration, use the Restore function to import the encrypted key file to the other ELM-connected vCenter Server systems.

Prerequisites

  • Required privilege: Cryptographic operations.Manage key servers
  • The key provider backup file.
  • The password for the key provider file, if you entered one when you backed up the key provider.

Procedure

  1. Log in to the vCenter Server system with the vSphere Client.
  2. Browse the inventory list and select the vCenter Server instance.
  3. Click Configure, and under Security click Key Providers.
  4. Select the vSphere Native Key Provider and click Restore.
  5. Browse to the file location and select the backup encrypted key file.
    The file was saved in PKCS#12 format.
  6. (Optional) If the file is password protected, enter the password.
  7. Click Next.
  8. (Optional) If you decided to use this key provider only with TPM-protected ESXi hosts, select the check box.
  9. Click Finish.

Results

The vSphere Native Key Provider is imported to the vCenter Server. To use the vSphere Native Key Provider for encryption tasks, ensure that you first select it in the Key Provider pane and click Set as Default.
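
Before browsing to the backup file in step 5, you can confirm that it is still an intact PKCS#12 container and matches the copy you stored. The following is an added example, not VMware code: it assumes the file is DER-encoded PKCS#12 (RFC 7292) with definite lengths and that you recorded a SHA-256 hash when you made the backup. It does not decrypt the file or test the password, and `inspect_backup` and `SAMPLE` are hypothetical names.

```python
import hashlib
import sys

# authSafe content types allowed by RFC 7292 (DER-encoded OID bodies)
CONTENT_TYPES = {
    bytes.fromhex("2a864886f70d010701"): "data",        # 1.2.840.113549.1.7.1
    bytes.fromhex("2a864886f70d010702"): "signedData",  # 1.2.840.113549.1.7.2
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def inspect_backup(data):
    """Check the outer PFX structure and return facts to compare with backup-time records."""
    tag, pfx, end = read_tlv(data, 0)
    if tag != 0x30 or end != len(data):
        raise ValueError("not exactly one DER SEQUENCE (truncated or trailing bytes)")
    tag, version, pos = read_tlv(pfx, 0)
    if tag != 0x02 or int.from_bytes(version, "big") != 3:
        raise ValueError("PFX version is not 3")
    tag, auth_safe, pos = read_tlv(pfx, pos)
    oid_tag, oid, _ = read_tlv(auth_safe, 0) if tag == 0x30 else (None, None, None)
    if oid_tag != 0x06 or oid not in CONTENT_TYPES:
        raise ValueError("authSafe is not a PKCS#7 data/signedData ContentInfo")
    return {"content_type": CONTENT_TYPES[oid],
            "has_mac": pos < len(pfx),      # optional MacData follows authSafe
            "sha256": hashlib.sha256(data).hexdigest()}

def der(tag, value):
    """Encode a short (<128 byte) DER element; only used to build the sample."""
    return bytes([tag, len(value)]) + value

# Constructed 22-byte PFX skeleton (empty payload, no MacData), not a real backup.
SAMPLE = der(0x30, der(0x02, b"\x03") + der(0x30,
             der(0x06, bytes.fromhex("2a864886f70d010701")) + der(0xA0, der(0x04, b""))))

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(inspect_backup(blob))
```

Run it with the path to the backup file as the only argument and compare the printed `sha256` with the value recorded at backup time; a `ValueError` means the file is truncated, padded, or not a PKCS#12 container.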