To validate key lifecycle behavior, remove encryption from the virtual machine:
-
In vCenter, select the encrypted virtual machine.
-
Right-click the virtual machine and select VM Policies → Edit VM Storage Policies
-
In the VM Storage Policy section:
-
Select a non-encrypted (default) policy.
-
-
Click OK to apply the changes.
-
Monitor the task progress until completion.
-
The virtual machine is no longer marked as encrypted.
-
In ESKM:
-
The previously created KMIP keys remain present.
-
The keys remain in Active state.
-