Encrypting a Virtual Machine from the Command Line
A Parallels virtual machine can be encrypted from the Parallels Desktop graphical user interface. This is done from the Security tab of the virtual machine configuration dialog.
You can also use the prlctl
command line utility (included with Parallels Desktop) to perform a full set of encryption operations on a virtual machine.
The following command line options are available:
- Encrypt a virtual machine
prlctl encrypt <ID | NAME>
- Decrypt a virtual machine
prlctl decrypt <ID | NAME>
- Change the encryption password
prlctl change-passwd <ID | NAME>
The <ID | NAME>
parameter can be either the virtual machine ID or the virtual machine name. When encrypting a virtual machine, you'll be asked to enter a password phrase, which will be used to encrypt the machine. When decrypting a virtual machine, you will be asked to enter the current password. When changing the password, you'll be asked to enter the old password and then the new password.
The encryption password will also be required to perform any other command line operation on an encrypted virtual machine, including starting, stopping, restarting, pausing, suspending, cloning, deleting a virtual machine, etc. For example, to start an encrypted virtual machine, you'll use the following command:
$ prlctl start my_virtual_machine
After executing the command above, you'll be asked to enter the password:
Virtual machine "my_virtual_machine" is encrypted - password required to continue operation
Please enter password:
After typing in the correct password, you'll see the following output:
Starting the VM...
The VM has been successfully started.
If you need to execute a command remotely without having to enter the password on every Mac, you can send the password via standard input (stdin) as shown in the following example:
$ echo mypass | prlctl start my_virtual_machine
Virtual machine 'my_virtual_machine' is encrypted - password required to continue operation
Please enter password:
Starting the VM...
The VM has been successfully started.
If you need to provide two passwords (as with the change-passwd
command that changes the password), you can save the passwords to a text file and then use the following syntax:
$ cat /tmp/pass | prlctl change-passwd my_virtual_machine
Virtual machine 'my_virtual_machine' is encrypted - password required to continue operation
Please enter password:
Please enter new password:
The password has been successfully changed.
The /tmp/pass
file in the example above should contain the old password on the first line and the new password on the second line:
$ cat /tmp/pass
mypass
newpass