What Is Encrypted Virtual machine encryption supports encrypting virtual machine files, virtual disk files, and core dump files. Virtual Machine FilesMost virtual machine files, in particular guest data that are not stored in the VMDK file, are encrypted. This set of files includes but is not limited to the NVRAM (memory), VSWP (swap), and VMSN (snapshot) files. The key that vCenter Server retrieves from the KMS unlocks an encrypted bundle in the VMX file that contains internal keys and other secrets. Virtual Disk FilesData in an encrypted virtual disk (VMDK) file are never written in cleartext to storage or physical disk, and is never transmitted over the network in cleartext. The VMDK descriptor file is mostly cleartext, but contains a key ID for the KEK and the internal key (DEK) in the encrypted bundle.Core Dump FilesCore dumps on an ESXi host that has encryption mode enabled are always encrypted. You can decrypt and password protect ESXi core dumps using the crypto-util command-line tool on the ESXi host. Parent topic: How Virtual Machine Encryption Protects a Datacenter