VMware Cloud Community
maxmarkwart
Contributor

How to choose the KMS for VM encryption

Hi all,

According to "Set up Separate KMS Clusters for Different Users", you can use different KMS for different users. I set this up, but how can I choose which KMS to use?

I know that I can switch the Default KMS, but why should the documentation state "Having multiple KMS connections is helpful, for example, if you want to grant different departments in your company access to different sets of KMS keys." if I cannot choose which one to use for what VM?


Clarified what I am looking for - different KMS for different VMs for example.

0 Kudos
4 Replies
Debashish_Rath
Enthusiast

Hi Max

It is a very interesting question and I also never tested the same.

Found a doc on docs.vmware.com; please check if it answers your query, but I never tried it.

Set up Separate KMS Clusters for Different Users 

Sincerely, Debashish Kumar Rath SkyLine Support Moderator
0 Kudos
maxmarkwart
Contributor

Hi Debashish,

Yes, the article describes how to set it up and why you would do it, but it never tells how to use it :)

I followed this article to set up different KMS users, and now what? How can I choose KMS1 or KMS2 except setting a default one?

Thanks,

Matthias

0 Kudos
elpampa
Contributor

Any update?

Thank you!

0 Kudos
PedroAzzurro
Contributor

Also interested to understand a little bit more around the plan on how the keys will be used. For example: if it is intended for vSAN datastore encryption, then there is a scenario where the KMS source obviously would have to reside outwith the datastore that is being protected, else the protected storage will be inaccessible following host restart. I doubt this is the case given the post title, but wasn't 100% sure when reading.

0 Kudos