How to move vSAN encryption to Native Key Provider (NKP).

Article ID: 392250

Products

VMware vSAN

Issue/Introduction

How to change the Key Provider in use by vSAN to the vCenter Native Key Provider (NKP). 

Environment

VMware vSAN (All Versions)

 

Resolution

1. Deploy and configure the native key provider. 

See "Configure a vSphere Native Key Provider".

2. Make the Native key provider the default KMS. 

See "Set the Default Key Provider Using the vSphere Client".

3. Change the KMS in use by vSAN from the external KMS to the Native Key Provider (NKP). Navigate to Cluster > Configure > vSAN > Services > Encryption.

4. Click Edit, then change the Key provider from KMS to NKP.

Changing the KMS performs a shallow rekey operation, NOT a deep rekey operation. As long as the "Wipe residual data" option is not checked, this operation will not impact data availability.