One of the exciting new features of vSphere 7U2 is the inclusion of a “Native Key Provider”. This gives you KMS like functionality although it’s only able to serve vSphere itself so if you have other appliances requiring a KMS then you will need to look at a traditional KMS solution such as Dells CloudLink.
If you are just looking at enabling functionality such as VM Encryption or vSAN Encryption then this may work for you.

Fortunately this is really simple to enable simply select your vCenter and go to the configure section. Once there you can select Key Providers

Once there click Add and select Native Key Provider

Name your KMS and select whether you only use with TPS protected hosts

You will now see your new key provider listed but stating that it hasnt been backed up yet

Backup your key provider, its recommended you supply a password

once that completes, you will see an active key provider you can use to enable vSAN encryption