You must set the default key provider if you do not make the first key provider the default, or if your environment uses multiple key providers and you remove the default one. You can use PowerCLI to set the default key provider at the vCenter Server level, the cluster level, or the cluster folder level.

Prerequisites

As a best practice, verify that the Connection Status in the Key Providers tab shows Active and a green check mark.

You must have a role that includes the Cryptographic operations.Manage KMS privilege. In vSphere Trust Authority, the role must be applied to the Trusted Cluster.

Procedure

  1. Ensure that you are connected as an administrator to the vCenter Server where you created the key provider.
    Note: In vSphere Trust Authority, connect to the vCenter Server of the Trusted Cluster.
    Connect-VIServer -server VC_ip_address -User admin_user -Password 'password'
  2. Obtain the key provider.
    Get-KeyProvider

    You can use the -Name keyprovider option to specify a single key provider.

  3. Assign the key provider information returned by Get-KeyProvider to a variable.
    For example, this command assigns the information to the variable $kp.
    $kp = Get-KeyProvider

    If you have multiple key providers, you can use Select-Object to select one of them.

    $kp = Get-KeyProvider | Select-Object -Index 0
  4. Use one of the following PowerCLI commands.

    Where to set the default: vCenter Server level
    Command:
    Set-KeyProvider -KeyProvider $kp -DefaultForSystem

    Where to set the default: Cluster level
    Command: This example command sets the key provider for the cluster CL-01.
    Add-EntityDefaultKeyProvider -KeyProvider $kp -Entity 'CL-01'

    Where to set the default: Cluster Folder level
    Command: This example command sets the key provider for the cluster folder Cluster-Folder-01.
    Add-EntityDefaultKeyProvider -KeyProvider $kp -Entity 'Cluster-Folder-01'
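
The procedure above as one script, added here as an example and not part of the original documentation. It prompts for credentials with Get-Credential instead of passing the password on the command line, selects the key provider by name rather than by index, and stops unless exactly one provider matches; the server address, provider name and entity name are placeholder assumptions.

```powershell
# Added example, not VMware's own code. The defaults below are placeholders
# (assumptions); replace them with values from your environment.
param(
    [string]$VCenter         = 'VC_ip_address',  # vCenter Server (Trusted Cluster vCenter in vSphere Trust Authority)
    [string]$KeyProviderName = 'keyprovider',    # name of the key provider to make the default
    [string]$Entity          = ''                # empty = vCenter Server level; otherwise a cluster
                                                 # or cluster folder name such as 'CL-01'
)

# Treat every cmdlet error as terminating so a failed step never falls through.
$ErrorActionPreference = 'Stop'

# Step 1: prompt for the administrator credentials so the password is not
# recorded in shell history, transcripts or process listings.
$cred = Get-Credential -Message "Administrator account for $VCenter"
Connect-VIServer -Server $VCenter -Credential $cred | Out-Null

try {
    # Steps 2 and 3: obtain the key provider by name. @() forces an array so
    # that Count is reliable for zero, one or several results.
    $kp = @(Get-KeyProvider -Name $KeyProviderName)
    if ($kp.Count -ne 1) {
        throw "Expected exactly one key provider named '$KeyProviderName', found $($kp.Count)."
    }

    # Step 4: set the default at the requested level.
    if ([string]::IsNullOrEmpty($Entity)) {
        # vCenter Server level
        Set-KeyProvider -KeyProvider $kp[0] -DefaultForSystem
    }
    else {
        # Cluster level or cluster folder level
        Add-EntityDefaultKeyProvider -KeyProvider $kp[0] -Entity $Entity
    }
}
finally {
    # Close the session whether or not the change succeeded.
    Disconnect-VIServer -Server $VCenter -Confirm:$false
}
```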