vCenter Server requires a Key Management Service (KMS) for enabling VM Encryption, vTPM, or vSAN Encryption. Users have the choice of configuring the embedded Native Key Provider (NKP) built into vCenter Server and/or use an external KMS with the Standard Key Provider (SKP) option.
If you have more than one KMS configured in vCenter Server, you can specify one of the KMS key providers to be your default, which will automatically be used for any KMS-related activities. You can switch between the default KMS key provider and you can certainly specify a specific KMS key provider when using the vSphere API to provision a VM that will leverage VM encryption.
So how do you figure out which KMS key provider a VM is using?