You can use the vSphere Client to delete a standard key provider from vCenter Server.

After you delete a standard key provider, virtual machines that have vTPMs or that are encrypted continue to run. If you reboot the ESXi host, its encrypted virtual machines enter a locked state. After you unregister these virtual machines, they enter a locked state when you try to re-register them. The only way to unlock the virtual machines is to restore the previous standard key provider.

Prerequisites

Required privilege: Cryptographic operations.Manage key servers

Before you delete a standard key provider, rekey any encrypted virtual machines and datastores that were encrypted using that key provider to another key provider. See Rekey an Encrypted Virtual Machine Using the vSphere Client.

In addition, maintain a backup of the standard key provider in case you must rekey an encrypted virtual machine after deleting the key provider.

Procedure

  1. Log in to the vCenter Server system with the vSphere Client.
  2. Browse the inventory list and select the vCenter Server instance.
  3. Click Configure, and under Security click Key Providers.
  4. Select the standard key provider you want to delete.
  5. Click Delete.
  6. Read the warning message and slide the slider all the way to the right.
  7. Click Delete.

Results

The standard key provider is removed from the vCenter Server.