VMware Cloud Community
h0d1p4p4
Contributor
Contributor
‎11-06-2023 03:02 AM
Jump to solution

Get ESXI host Encryption Mode status in powercli

Is there a way to only get the Host Encryption Mode status of an esxi via powercli? All our esxi have host encryption status disabled, but I didn't managed to find a way to get this info with powercli. Thanks!

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎11-06-2023 05:07 AM
Jump to solution

Try like this

Get-VMHost |
Select Name, @{N='CryptoState';E={$_.ExtensionData.Runtime.CryptoState}}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
3 Replies
LucD
Leadership
Leadership
‎11-06-2023 05:07 AM
Jump to solution

Try like this

Get-VMHost |
Select Name, @{N='CryptoState';E={$_.ExtensionData.Runtime.CryptoState}}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
h0d1p4p4
Contributor
Contributor
‎11-06-2023 05:34 AM
Jump to solution

Works great, thanks! I was struggling with extensiondata.config.tpmattestationenabled and cryptomanager, but seems it was a dead end. The result of this command is "incapable" which could mean "disabled" I guess? The host encryption mode is indeed disabled.

Reply
0 Kudos
LucD
Leadership
Leadership
‎11-06-2023 05:52 AM
Jump to solution

I think 'incapable' means that this ESXi node doesn't have the required HW to use encryption.
The possible values are in the enum CryptoState
I'm not sure if that property will actually say 'enabled', I suspect if it doesn't say 'safe' it means it is not enabled.

That also seems to be the logic used in the VMware.VMEncryption module


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos