A standard key provider can perform VM encryption tasks. This provider can be from a third-party or native to vSphere.
See Appendix A: Security Capabilities within Software-Defined Infrastructure for Utilities for details. VM encryption is not specifically tested with the two vPAC applications described in this guide.