Virtual Machine Encryption APIs

vSphere virtual machine encryption protects virtual machines, virtual disks, and related files. First you set up a trusted connection between vCenter Server and a key management server (KMS), then vCenter Server can retrieve keys from the KMS as needed.

Various aspects of virtual machine encryption are handled differently. You manage setup of the KMS trusted connection and perform most encryption workflows from the vSphere Client. You manage automation of some advanced features using the vSphere Web Services SDK, as discussed in this chapter. You use the crypto-util command-line tool directly on ESXi hosts for some special cases, for example, to decrypt the core dumps in a vm-support bundle.