Whether you use a standard key provider or a trusted key provider, using encryption in your vSphere environment requires some preparation.
After your environment is set up, you can use the vSphere Client to create encrypted virtual machines and virtual disks and encrypt existing virtual machines and disks.
To learn about using vSphere Trust Authority and trusted key providers to encrypt virtual machines and disks, see vSphere Trust Authority.
You can perform additional tasks by using the API and by using the crypto-util CLI. See the vSphere Web Services SDK Programming Guide for the API documentation and the crypto-util command-line help for details about that tool.