Information
The ESXi host must enable volatile key destruction. By default, ESXi zeroes out pages allocated for virtual machines (VMs), userspace applications, and kernel threads at the time of allocation. This ensures that no non-zero pages are exposed to VMs or userspace applications. This measure is in place to prevent the exposure of cryptographic keys from VMs or userworlds to other clients. However, if memory is not reused, these keys can remain present in host memory for an extended period. To address this, MemEagerZero can be configured to enforce the zeroing out of userworld and guest memory pages when a userworld process or guest exits. For kernel threads, memory spaces holding keys are zeroed out as soon as the secret is no longer required.
Solution
Get-VMHost -Name $ESXi | Get-AdvancedSetting Mem.MemEagerZero | Set-AdvancedSetting -Value 1
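To check the setting across several hosts before changing it, the following PowerCLI function reports the current value per host and only writes when asked to. It is an added example, not part of the original guidance; the function name Get-MemEagerZeroCompliance and its -Remediate switch are hypothetical, and it assumes an existing Connect-VIServer session.

```powershell
# Added example (not from the original guidance): audit Mem.MemEagerZero on
# ESXi hosts and optionally remediate. Assumes Connect-VIServer was already run.
$SettingName = 'Mem.MemEagerZero'
$Expected    = 1

function Get-MemEagerZeroCompliance {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]]$VMHost,   # objects from Get-VMHost
        [switch]$Remediate                          # write the value only when set
    )
    foreach ($h in $VMHost) {
        $setting = Get-AdvancedSetting -Entity $h -Name $SettingName -ErrorAction SilentlyContinue
        if (-not $setting) {
            # The host did not return the setting; report it instead of guessing.
            [pscustomobject]@{ Host = $h.Name; Before = $null; Current = $null; Status = 'SettingNotFound' }
            continue
        }

        $before = $setting.Value
        $status = if ([int]$before -eq $Expected) { 'Compliant' } else { 'NonCompliant' }

        if ($status -eq 'NonCompliant' -and $Remediate) {
            # Same change as the Solution line, applied to the object already fetched.
            $setting = $setting | Set-AdvancedSetting -Value $Expected -Confirm:$false
            # Re-check the returned value rather than assuming the write succeeded.
            $status = if ([int]$setting.Value -eq $Expected) { 'Remediated' } else { 'RemediationFailed' }
        }

        [pscustomobject]@{ Host = $h.Name; Before = $before; Current = $setting.Value; Status = $status }
    }
}

# Report only:
Get-MemEagerZeroCompliance -VMHost (Get-VMHost) | Format-Table -AutoSize

# Report and fix non-compliant hosts:
# Get-MemEagerZeroCompliance -VMHost (Get-VMHost) -Remediate | Format-Table -AutoSize
```

The Before and Current columns give a record of what was changed on each host, which is useful as audit evidence.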