Name | Type | Description |
changing | xsd:boolean |
Whether the encryption state is currently changing so that all disk
groups match the state described in enabled.
|
clientCert | xsd:string |
Client certificate in PEM encoding. The host uses this certificate
for authentication when connecting to the KMS.
|
clientKey | xsd:string |
Client private key. The host uses this key for authentication when
connecting to the KMS.
|
dekGenerationId | xsd:long |
Data Encryption Key (DEK) generation number.
|
enabled | xsd:boolean |
Encryption enablement state.
|
eraseDisksBeforeUse | xsd:boolean |
Whether disks should be wiped when a normal disk is converted to an
encrypted disk, when a disk is claimed as an encrypted disk, or when a
disk runs a deep rekey. If set to true, every sector on the disk is
written with random data. A disk wipe significantly reduces the
possibility of a data leak and increases the attacker's cost to reveal
sensitive data. The disadvantage of a disk wipe is that it takes a long
time to finish, so turn it on through the UI or API only when necessary.
If not set, the disk is not wiped.
|
hostKeyId | xsd:string |
The ID of the host key used for host core dump encryption. It should be
generated by vCenter calling the key management server, and passed to
the ESXi host. The ESXi host can later retrieve the key with this ID.
|
kekId | xsd:string |
Unique ID for the KEK in the KMS cluster. It is returned by the KMS
after vCenter invokes the key generation operation. The ESX host can
retrieve the key with this ID.
|
kmipServers | KmipServerSpec[] |
The KMS servers where the global KEK is created and stored. The host
fetches the KEK from the KMS cluster with the given KEK ID.
|
kmsServerCerts | xsd:string[] |
Certificates of Key Management Servers in PEM encoding. The host uses
these certificates to decide whether a KMS should be trusted.
|
Properties inherited from DynamicData |
None |