Recrypt Only Key Encryption Keys

For shallow recrypt, which affects only the key encryption keys (KEKs), set the
crypto
property in the
VirtualMachineConfigSpec
to
CryptoSpecShallowRecrypt
and call the
Reconfigure
method.
Shallow Recrypt
void ShallowRecrypt() throws Exception { // Shallow recrypt follows the same flow as encrypt. The two differences are: // - Instead of using a new encryption profile, just get the previously // applied profile from the virtual machine to be reconfigured and use it. // - The type of CryptoSpec object created is CryptoSpecShallowRecrypt() // Create CryptoSpec for shallow recrypt // Get Key Id from CryptoManager as newKeyId CryptoSpecShallowRecrypt cryptoSpec = new CryptoSpecShallowRecrypt(); cryptoSpec.setNewKeyId(newKeyId); // Follow steps from Encrypt() }
Shallow recrypt can be done with the virtual machine powered on. Deep recrypt requires power off.