h0d1p4p4
Contributor
Contributor
‎11-06-2023 03:02 AM

Get ESXI host Encryption Mode status in powercli

Is there a way to only get the Host Encryption Mode status of an esxi via powercli? All our esxi have host encryption status disabled, but I didn't managed to find a way to get this info with powercli. Thanks!

Reply
0 Kudos
LucD
Leadership
Leadership
‎11-06-2023 05:07 AM

Try like this

Get-VMHost |
Select Name, @{N='CryptoState';E={$_.ExtensionData.Runtime.CryptoState}}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
h0d1p4p4
Contributor
Contributor
‎11-06-2023 05:34 AM

Works great, thanks! I was struggling with extensiondata.config.tpmattestationenabled and cryptomanager, but seems it was a dead end. The result of this command is "incapable" which could mean "disabled" I guess? The host encryption mode is indeed disabled.

Reply
0 Kudos
LucD
Leadership
Leadership
‎11-06-2023 05:52 AM

I think 'incapable' means that this ESXi node doesn't have the required HW to use encryption.
The possible values are in the enum CryptoState
I'm not sure if that property will actually say 'enabled', I suspect if it doesn't say 'safe' it means it is not enabled.

That also seems to be the logic used in the VMware.VMEncryption module


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos