Before you can start with virtual machine encryption tasks, you must set up the Standard Key Provider.
Setting up a Standard Key Provider includes adding the key provider and establishing trust with the key server. When you add a key provider, you are prompted to make it the default, but you can explicitly change the default key provider later. vCenter Server provisions keys from the default key provider.
What was previously called a Key Management Server cluster in vSphere 6.5 and 6.7 is now called a Key Provider.
Perform the following steps to register CryptoHub as the Standard Key Provider:
1. Log in to the vCenter Server system with the vSphere Client.
2. Browse the inventory list and select the vCenter Server instance.
3. Select [ Configure ] and select Key Providers under Security.
4. Select Add > Add Standard Key Provider.
5. Enter the key provider information and select [ Add Key Provider ]. The values specified in the Name and KMS fields can be anything. You must set the IP or hostname of the CryptoHub in the Address field. Specify the port number for the KMIP connection pair on the CryptoHub in the Port field (it is 5696 by default). Disregard the Proxy configuration and Password protection fields.
6. When you see the TLS certificate configured for the KMIP connection pair on the CryptoHub, select [ Trust ]. The CryptoHub now displays as a key provider in the vSphere Client.
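Selecting [ Trust ] pins whatever certificate the KMIP port presents at that moment, so it is worth confirming that certificate first. The following is an added example, not part of the original procedure or of any vendor tooling: it fetches the certificate from the KMIP port and compares its SHA-256 fingerprint with a value obtained out of band. It assumes the expected fingerprint comes from the CryptoHub administrator; all function names are hypothetical.

```python
import hashlib
import hmac
import ssl
import sys

KMIP_PORT = 5696  # default KMIP port named in the procedure above


def normalize(fp: str) -> str:
    """Reduce a fingerprint to bare lowercase hex (drops ':' and spaces)."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_der(host: str, port: int = KMIP_PORT) -> bytes:
    """Fetch the certificate the endpoint presents, without trusting it."""
    pem = ssl.get_server_certificate((host, port))  # no chain validation
    return ssl.PEM_cert_to_DER_cert(pem)


def matches(der: bytes, expected: str) -> bool:
    """True only if the certificate has exactly the expected fingerprint."""
    want = normalize(expected)
    if len(want) != 64:  # not a full SHA-256 value: refuse, do not guess
        return False
    got = normalize(sha256_fingerprint(der))
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    # Usage: script.py <cryptohub-address> <expected-sha256-fingerprint>
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_der(host)
    print("presented:", sha256_fingerprint(der))
    ok = matches(der, expected)
    print("MATCH" if ok else "MISMATCH: do not select Trust")
    sys.exit(0 if ok else 1)
```

Pass the expected value as bare hex or colon-separated hex only; a truncated or labelled value fails the length check and is reported as a mismatch.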