The following instructions describe how to set up SDKMS as a KMS server in vSphere from the vSphere Web Client. Once set up, SDKMS can be used for both vSphere VM encryption and vSAN encryption.
Create an SDKMS account.
Create an SDKMS App for VMware
Inside the SDKMS account, go to the “Applications” tab and create a new SDKMS app. For the “Interface” field choose “KMIP” and for the “Authentication method” option choose “API key”. Click “Save” and, after reviewing the settings, click “Finish”.
Obtain App Credentials
Go back to the “Applications” page and click “VIEW CREDENTIALS” for the app you just created. Then open the “Username/Password” tab and copy both values; these are the credentials vCenter will present to SDKMS as its KMIP client.
Configuring KMS in vCenter
Go to the “Key Management Servers” page in the vSphere Web Client and click “+ Add KMS”. Fill in the KMS server details (cluster name, server alias, and the SDKMS server address and its KMIP port). In the “User name” and “Password” fields paste the values from the previous step.
After pressing OK, the “Connection Status” column should show “Normal” and the “Certificate Status” column should show a green check with the expiration date of the SDKMS server certificate. If the connection status is not “Normal”, confirm that vCenter can reach the SDKMS address and port and that the username and password were pasted exactly as shown in SDKMS.
Establishing trust with Fortanix SDKMS
After adding the SDKMS KMS server in the vSphere Web Client it is necessary to establish trust with the server. In the “Key Management Servers” page click “Establish trust with KMS” and choose “Certificate”. If desired, save the certificate file, then click “OK”.
A second green check should appear in the “Certificate Status” column of the KMS cluster.
SDKMS is ready for use with vSAN encryption and vSphere VM encryption.
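The script below is an added example and is not part of the original instructions or of Fortanix's own tooling. It checks, from the command line, the two things the “Key Management Servers” page reports: that the SDKMS KMIP endpoint answers over TLS, and what certificate it presents and when it expires. Run it from the vCenter Server Appliance shell so it exercises the same network path vCenter itself uses. The port 5696 is the standard KMIP TLS port and is assumed here to be the SDKMS listener; the hostname `sdkms.example.com` is a placeholder.

```shell
#!/bin/sh
# Pre-flight check of the SDKMS KMIP endpoint's TLS certificate using only
# the openssl CLI (present on the vCenter Server Appliance).
set -eu

# Standard KMIP TLS port; assumed to be the port SDKMS listens on.
KMIP_PORT=5696

# fetch_kmip_cert HOST [PORT]
# Opens a TLS connection to the KMIP endpoint and prints the server's leaf
# certificate as PEM. SNI is sent so name-based endpoints answer correctly.
fetch_kmip_cert() {
    host=$1
    port=${2:-$KMIP_PORT}
    printf '' | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null \
        | openssl x509
}

# cert_summary PEMFILE
# Prints subject, issuer, expiry (the value vCenter shows in "Certificate
# Status") and the SHA-256 fingerprint, for comparison with the Web Client.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# cert_expires_within PEMFILE DAYS
# Returns 0 (true) if the certificate expires within DAYS days (or has
# already expired), 1 otherwise. openssl's -checkend exits 0 while the
# certificate is still valid at now + N seconds, so the sense is inverted.
cert_expires_within() {
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; then
        return 1
    fi
    return 0
}

# check_kmip_endpoint HOST [PORT] [WARN_DAYS]
# End-to-end check: TLS handshake succeeds, certificate is printable, and it
# is not about to expire. Exit status 0 only if all three hold.
check_kmip_endpoint() {
    host=$1
    port=${2:-$KMIP_PORT}
    warn_days=${3:-30}
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    if ! fetch_kmip_cert "$host" "$port" > "$tmp"; then
        echo "ERROR: no TLS handshake with $host:$port (firewall, wrong port, or service down?)" >&2
        return 1
    fi
    cert_summary "$tmp"
    if cert_expires_within "$tmp" "$warn_days"; then
        echo "WARNING: certificate expires within $warn_days days; rotate it and re-establish trust in vCenter" >&2
        return 2
    fi
    echo "OK: $host:$port presents a certificate valid for more than $warn_days days"
}

# Usage (placeholder hostname; substitute your SDKMS KMIP endpoint):
#   check_kmip_endpoint sdkms.example.com
```

A non-zero exit from `check_kmip_endpoint` maps directly onto the two columns in vCenter: exit 1 corresponds to a “Connection Status” that is not “Normal”, exit 2 to a certificate that vCenter will soon stop trusting, at which point the “Establish trust with KMS” step has to be repeated after the certificate is rotated.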