You can configure the trusted key provider by using the vSphere Client.



  1. Connect to the vCenter Server of the Trusted Cluster by using the vSphere Client.
  2. Log in as the vCenter Server administrator, or as an administrator who has the Cryptographic operations.Manage key servers privilege.
  3. Select the vCenter Server, then select Configure.
  4. Select Key Providers under Security.
  5. Select Add Trusted Key Providers.
    The trusted key providers that are available are shown with a status of Connected.
  6. Select a trusted key provider and click Add Key Providers.
    The trusted key provider is shown as Trusted and Connected. If this is the first trusted key provider that you add, it is marked as the default.
    Note: After you add the key provider, it takes a while for all the hosts to obtain it and for the vCenter Server to update its cache. Because of the way this information is propagated, you might have to wait a few minutes before you can use the key provider for key operations on some of the hosts.


ESXi Trusted Hosts can now perform cryptographic operations, such as creating encrypted virtual machines.

What to do next

Encrypting a virtual machine with a trusted key provider offers the same user experience as the virtual machine encryption that was first delivered in vSphere 6.5. See Using Encryption in Your vSphere Environment.