To resolve this issue, upgrade to PowerCLI 12.3.0 and use Set-KeyProvider cmdlet to rotate keys
Note: PowerCLI 12.3.0 will support rotating keys when using vSphere native key providers.
Workaround:
To workaround this issue:
- Create a new vSphere native key provider.
- Re-key any encrypted VMs using the old key provider to the new key provider using vSphere client or Set-VM PowerCLI cmdlet.
Set-VM -VM <vm> -KeyProvider <new-keyprovider>