Encrypting USB Drives / External Media / External SSDs, a pictorial guide + troubleshooting
I'm sure there are many tutorials on the web, but I was a bit surprised how a simple UI quirk makes this a lot more confusing than it needs to be. Encrypting external media like USB drives (thumb drives/USB sticks), Hard drives, and SSDs can be a bit cumbersome in macOS. This tutorial will walk through the steps needed to create encrypted APFS external media.
Warning! This process will reformat the drive, thus losing all its contents. Be sure to have your data backed up on the drive you intend to encrypt.
Step 1: Launch Disk Utility
By default, disk utility doesn't present the options we need to properly reformat a drive to use encryption.
Step 2: Select Show All Devices
Show all devices will display the volume and not just it's partitions.
Step 3: highlight the drive you wish to format and click erase
Step 4: Set the scheme to "GUID partition map"
On the lower menu make sure you have Apple Partition app selected.
Step 5: Select an encryption option from the Format option
Select APFS (Encrypted) or APFS (Case-sensitive, Encrypted). I personally recommend case sensitive, but macOS can use pathing to files and ignore the casing used in the words to the file. In a non-case sensitive context /path/to/file is the same as /PATH/To/File. With case-sensitive pathing, these would lead to different directories. Apple recommends using case sensitive.
Step 6: Select password
Be sure to remember this password, as you will not have the option to recover the password. You can save your password in your Apple Keychain so every time the drive is plugged in, you will not be prompted for a password. You can also look up the password in the keychain.
Trouble shooting!
You may have problems formatting some drives. the following:
Mounting disk
Creating a new empty APFS Container
Unmounting Volumes
Couldn't unmount disk. : (-69888)
Fixing this requires manually unmounting the volume before formatting by clicking the eject button next the format drive (not the parent).
Umount, and repeat from step 3.