as far as I know there is no way to manually inspect this.
Welcome to Communities.
KEK ID, Host Key ID and KMS info can be retrieved from /etc/vmware/esx.conf on the host:
When you add a host to an Encrypted enabled vSAN cluster, vSAN checks the drives to see if they are "stamped" for encryption. If they were previously on the cluster and have the same information, then the host is added to the cluster. If it is a new host and the drives were not stamped for encryption on this cluster, the drives will go through a Disk Format Change, Data Encryption Key (DEK) will be created and wrapped with the KEK from KMS. At this point you will see the drives participating in vSAN.
The file-based persistence (esx.conf) is still available on previous version of vSAN, but newer versions have moved to a database based persistence (config-store) for such information. Blog post pending on this topic...
Thanks. But what I'm looking for is not key ID but key itself.