Whether you use a standard key provider, trusted key provider, or vSphere Native Key Provider, using encryption in your vSphere environment requires some preparation.
After your environment is set up, you can use the vSphere Client to create encrypted virtual machines and virtual disks and encrypt existing virtual machines and disks.
You can perform additional tasks by using the API and by using the crypto-util CLI. See the vSphere Web Services SDK Programming Guide for the API documentation and the crypto-util command-line help for details about that tool.