You can use a standard key provider to perform virtual machine encryption tasks.

In vSphere, a standard key provider gets encryption keys directly from a key server, and the vCenter Server distributes the keys to the required ESXi hosts in a data center.

You can add separate standard key providers for different users and set the default standard key provider.

Standard Key Provider Requirements

  • vSphere 6.5 or later
  • An external key server (KMS)

The key server must support the Key Management Interoperability Protocol (KMIP) 1.1 standard. See the vSphere Compatibility Matrices for details.

You can find information about VMware-certified key server (KMS) vendors in the VMware Compatibility Guide under Platform and Compute. If you select Compatibility Guides, you can open the Key Management Server (KMS) compatibility documentation. This documentation is updated frequently.

Standard Key Provider Privileges

Standard key providers use the Cryptographer.* privileges. See Cryptographic Operations Privileges.