API Methods to Prepare an ESXi Host
Encryption interfaces for ESXi hosts are additions to a previously existing managed object, HostSystem.
- HostSystem – managed object providing access to the ESXi host, including these additions:
  - HostCryptoState – enumeration indicating whether the ESXi host is incapable of encryption, prepared for encryption mode, or cryptography safe with its host key already set. Safe means that the ESXi host can encrypt virtual machines and will not leak keys.
  - ConfigureCryptoKey – vCenter Server calls this method to set or change the key used for core dump encryption, and to place the host in safe mode. It is like calling PrepareCrypto and EnableCrypto in quick succession. Not supported if called on an ESXi host. As of vSphere 7.0 you can disable encryption on a host, after next reboot, by setting pendingIncapable in HostCryptoState.
  - PrepareCrypto – this method puts the ESXi host in prepared mode so it can receive sensitive data, after being enabled.
  - EnableCrypto – this method sets or changes the key for core dump encryption and puts the ESXi host in safe mode. It must be called in sequence after PrepareCrypto.
The following data objects are used by the ConfigureCryptoKey and EnableCrypto methods above, and by the CryptoManager methods below in vSphere API Methods for Cryptographic Operations.
- CryptoKeyPlain – data object representing a plain text cryptographic key.
- CryptoKeyId– data object representing a cryptographic key.
- CryptoKeyResult– data object representing the result of a cryptographic key operation.
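
The call order described above (PrepareCrypto, then EnableCrypto), as an added example that is not VMware or pyVmomi code: ensure_crypto_safe brings a host object to the safe state with only the calls it still needs and refuses to act on a host marked pendingIncapable. FakeHost, the runtime.cryptoState attribute path, the lowercase state strings, the keyPlain argument name and the placeholder key are assumptions or constructed stand-ins so the logic runs offline.

```python
# Added example (not VMware code). FakeHost is a constructed stand-in shaped
# like a pyVmomi HostSystem so the sequencing logic can run offline.
from types import SimpleNamespace

class FakeHost:
    """Stand-in host that enforces the call order this page describes."""
    def __init__(self, state="incapable"):
        # Assumption: the state is read from runtime.cryptoState.
        self.runtime = SimpleNamespace(cryptoState=state)

    def PrepareCrypto(self):
        self.runtime.cryptoState = "prepared"

    def EnableCrypto(self, keyPlain):
        # EnableCrypto must be called in sequence after PrepareCrypto.
        if self.runtime.cryptoState == "incapable":
            raise RuntimeError("EnableCrypto called before PrepareCrypto")
        self.runtime.cryptoState = "safe"

def ensure_crypto_safe(host, key_plain):
    """Bring host to 'safe'; return the list of methods that were called."""
    state = host.runtime.cryptoState
    if state == "safe":
        return []                      # host key already set, nothing to do
    if state == "pendingIncapable":
        # Encryption is scheduled to be disabled at the next reboot; stop and
        # let an operator decide instead of silently re-keying the host.
        raise RuntimeError("host is pendingIncapable")
    if state not in ("incapable", "prepared"):
        raise ValueError(f"unexpected crypto state {state!r}")
    made = []
    if state == "incapable":
        host.PrepareCrypto()           # incapable -> prepared
        made.append("PrepareCrypto")
    host.EnableCrypto(keyPlain=key_plain)  # prepared -> safe, sets the host key
    made.append("EnableCrypto")
    if host.runtime.cryptoState != "safe":
        raise RuntimeError(f"host ended in {host.runtime.cryptoState!r}")
    return made

if __name__ == "__main__":
    key = "CONSTRUCTED-PLACEHOLDER-KEY"   # stands in for a CryptoKeyPlain object
    for start in ("incapable", "prepared", "safe"):
        print(start, "->", ensure_crypto_safe(FakeHost(start), key))
```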