  • 1.  ESXi Host encryption Key

    Posted Jul 05, 2024 10:32 AM

    Looking for a PowerCLI script to list the encryption key (the same output as "esxcli system settings encryption recovery list") for all ESXi hosts in a vCenter.

    Thanks,



  • 2.  RE: ESXi Host encryption Key

    Posted Jul 05, 2024 11:21 AM

    You can run all esxcli commands via the Get-EsxCli cmdlet.



    ------------------------------


    Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference


    ------------------------------



  • 3.  RE: ESXi Host encryption Key

    Posted Jul 08, 2024 08:53 AM

    Great as always. 




  • 4.  RE: ESXi Host encryption Key

    Posted Jul 08, 2024 09:57 AM
    Edited by TX_Tundra Jul 08, 2024 10:39 AM

    Is it the TPM Encryption keys?  Try this.  I use the Start-Transcript/Stop-Transcript to output to a text file:

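    # Note: the transcript file will contain the recovery keys in plain text
    Start-Transcript -Path "C:\temp\tpmkeys.txt"

    # Only query hosts that are powered on and connected
    $VMHosts = Get-VMHost | Where-Object { $_.PowerState -eq "PoweredOn" -and $_.ConnectionState -eq "Connected" } | Sort-Object Name

    foreach ($VMHost in $VMHosts) {
        $esxcli = Get-EsxCli -VMHost $VMHost
        try {
            # Same data as "esxcli system settings encryption recovery list"
            $key = $esxcli.system.settings.encryption.recovery.list()
            Write-Host "$VMHost;$($key.RecoveryID);$($key.Key)"
        }
        catch {
            # Report the host instead of silently skipping it
            Write-Warning "Could not read recovery key from $($VMHost.Name): $_"
        }
    }

    Stop-Transcript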




  • 5.  RE: ESXi Host encryption Key

    Posted Jul 08, 2024 02:58 PM

    @TX_Tundra, 

    Thanks. I was able to get desired results with: 

    function Get-EncryptionRecoveryKeys {
        # Only query hosts that are powered on and connected
        $esxiHosts = Get-VMHost | Where-Object { $_.PowerState -eq "PoweredOn" -and $_.ConnectionState -eq "Connected" } | Sort-Object Name
        $encryptionKeys = @()

        foreach ($esxiHost in $esxiHosts) {
            # -V2 exposes each esxcli command as an object with an Invoke() method
            $esxCli = Get-EsxCli -VMHost $esxiHost -V2
            try {
                $recoveryKeyList = $esxCli.system.settings.encryption.recovery.list.Invoke()
                # One output object per recovery key returned by the host
                foreach ($key in $recoveryKeyList) {
                    $encryptionKeys += [PSCustomObject]@{
                        HostName = $esxiHost.Name
                        RecoveryKey = $key.Key
                        #Description = $key.Description
                        #CreatedTime = $key.Created
                        RecoveryID = $key.RecoveryID
                    }
                }
            } catch {
                # Include the underlying error so the cause is visible per host
                Write-Error "Failed to retrieve encryption keys for host $($esxiHost.Name): $_"
            }
        }

        return $encryptionKeys
    }
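
Added example, not part of any post in this thread: both scripts above leave the recovery keys in plain text (in the transcript file or in the returned objects), so this shows one way to write the export with each key encrypted for the current Windows user. The function names `Protect-RecoveryKeyRow` and `Unprotect-RecoveryKeyRow`, the output path and the sample rows are assumptions; it assumes Windows, where `ConvertFrom-SecureString` without `-Key` uses DPAPI.

```powershell
# Added example. Assumes Windows: ConvertFrom-SecureString without -Key encrypts
# with DPAPI, so only the same user on the same machine can decrypt the value.
function Protect-RecoveryKeyRow {
    # Hypothetical helper: swaps the plaintext RecoveryKey for a DPAPI-protected string
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject] $Row)
    process {
        $secure = ConvertTo-SecureString -String $Row.RecoveryKey -AsPlainText -Force
        [PSCustomObject]@{
            HostName     = $Row.HostName
            RecoveryID   = $Row.RecoveryID
            ProtectedKey = ConvertFrom-SecureString -SecureString $secure
        }
    }
}

function Unprotect-RecoveryKeyRow {
    # Hypothetical helper: reverses Protect-RecoveryKeyRow for the same user and machine
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject] $Row)
    process {
        $secure = ConvertTo-SecureString -String $Row.ProtectedKey
        [PSCustomObject]@{
            HostName    = $Row.HostName
            RecoveryID  = $Row.RecoveryID
            RecoveryKey = [System.Net.NetworkCredential]::new('', $secure).Password
        }
    }
}

# Constructed sample rows in the shape returned by Get-EncryptionRecoveryKeys
$rows = @(
    [PSCustomObject]@{ HostName = 'esx01.example.test'; RecoveryID = '{CONSTRUCTED-ID-1}'; RecoveryKey = 'CONSTRUCTED-KEY-1' }
    [PSCustomObject]@{ HostName = 'esx02.example.test'; RecoveryID = '{CONSTRUCTED-ID-2}'; RecoveryKey = 'CONSTRUCTED-KEY-2' }
)

$path = Join-Path $env:TEMP 'recovery-keys.protected.csv'
$rows | Protect-RecoveryKeyRow | Export-Csv -Path $path -NoTypeInformation

# The file on disk must not contain any plaintext key
if (Select-String -Path $path -Pattern 'CONSTRUCTED-KEY' -SimpleMatch -Quiet) {
    throw 'Plaintext recovery key found in export'
}

# Round trip: the exporting user can still recover the original values
$restored = Import-Csv -Path $path | Unprotect-RecoveryKeyRow
$restored | Format-Table HostName, RecoveryID, RecoveryKey
```

With a live vCenter connection, replace `$rows` with the output of `Get-EncryptionRecoveryKeys`. A DPAPI-protected file is unreadable on another machine or under another account, so it does not replace an escrow copy of the keys in a vault.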