Encrypt Using Different
Keys
This method shows how to use two different
keys to encrypt the virtual machine (VM home) and its disk.
Different encryption keys for VM home and
virtual disk
void EncryptUsingDifferentKeys() throws Exception { // Create VirtualMachineConfigSpec and VirtualDeviceConfigSpec VirtualMachineConfigSpec vmConfigSpec = new VirtualMachineConfigSpec(); VirtualDeviceConfigSpec diskSpec = new VirtualDeviceConfigSpec(); // Get VirtualMachineProfileSpec for encryption profile you created and name it VirtualMachineProfileSpec encryptionProfile = new VirtualMachineDefinedProfileSpec(); // Get VirtualDisk for disk to be reconfigured as shown in VMReconfig and name it diskSpec.setDevice(disk); diskSpec.setOperation(VirtualDeviceConfigSpecOperation.EDIT); // Add encryption profile to VirtualDeviceConfigSpec diskSpec.getProfile().add(encryptionProfile); // Create CryptoSpec for disk encryption and get KeyId from from CryptoManager // See CryptoManager for details on generating or retrieving CryptoKeyId CryptoSpecEncrypt cryptoSpecForDisk = new CryptoSpecEncrypt(); cryptoSpecForDisk.setCryptoKeyId(keyIdForDiskEncryption); // Add CryptoSpecEncrypt to diskSpec backing VirtualDeviceConfigSpecBackingSpec backingSpec = new VirtualDeviceConfigSpecBackingSpec(); backingSpec.setCrypto(cryptoSpecForDisk); diskSpec.setBacking(backingSpec); // When encrypting a VirtualDisk, the virtual machine home must also be encrypted. // You can choose the same key to encrypt VM home and disk, or use different keys. // Create CryptoSpec for VM Home encryption and get KeyId from CryptoManager. CryptoSpecEncrypt cryptoSpecForVMHome = new CryptoSpecEncrypt(); cryptoSpecForVMHome.setCryptoKeyId(keyIdForVMHomeEncryption); // Set cryptoSpec and profile for encrypting virtual machine home vmConfigSpec.setCrypto(cryptoSpecForVMHome); vmConfigSpec.getVmProfile().add(encryptionProfile); // Set the device changes vmConfigSpec.getDeviceChange().add(diskSpec); }