vCenter Native Key Provider
One of the exciting new features of vSphere 7U2 is the inclusion of a "Native Key Provider". This gives you KMS-like functionality, although it is only able to serve vSphere itself. If you have other appliances requiring a KMS, you will need to look at a traditional KMS solution such as Dell's CloudLink.
If you are just looking at enabling functionality such as VM Encryption or vSAN Encryption then this may work for you.
Fortunately this is really simple to enable: select your vCenter and go to the Configure section. Once there you can select Key Providers.
Click Add and select Native Key Provider.
Name your KMS and select whether to use it only with TPM-protected hosts.
You will now see your new key provider listed, but stating that it hasn't been backed up yet.
Back up your key provider. It's recommended that you supply a password.
Once that completes, you will see an active key provider that you can use to enable vSAN encryption.