Encrypting a Virtual Machine using the Command Line
A Parallels virtual machine can be encrypted from the Parallels Desktop graphical user interface. This is done from the Security tab of the virtual machine configuration dialog.
You can also use the prlctl command line utility (included with Parallels Desktop) to perform a full set of encryption operations on a virtual machine.
The following command line options are available:
Encrypt a virtual machine
prlctl encrypt <ID | NAME>Decrypt a virtual machine
prlctl decrypt <ID | NAME>Change the encryption password
prlctl change-passwd <ID | NAME>
The <ID | NAME> parameter can be either the virtual machine ID or the virtual machine name. When encrypting a virtual machine, you'll be asked to enter a password phrase, which will be used to encrypt the machine. When decrypting a virtual machine, you will be asked to enter the current password. When changing the password, you'll be asked to enter the old password and then the new password.
The encryption password will also be required to perform any other command line operation on an encrypted virtual machine, including starting, stopping, restarting, pausing, suspending, cloning, deleting a virtual machine, etc. For example, to start an encrypted virtual machine, you'll use the following command:
After executing the command above, you'll be asked to enter the password:
After typing in the correct password, you'll see the following output:
If you need to execute a command remotely without having to enter the password on every Mac, you can send the password via standard input (stdin) as shown in the following example:
If you need to provide two passwords (as with the change-passwd command that changes the password), you can save the passwords to a text file and then use the following syntax:
The /tmp/pass file in the example above should contain the old password on the first line and the new password on the second line: