As a matter of practice when creating an encrypted virtual machine, either

• Encrypt the VM with a password of your choosing, then remember it, or
• Auto-generate the password, display it in the dialog before hitting "return", then remember it.
• Optionally enable the password to be remembered in the Keychain.

The key thing here is "remember the password". Do not rely on the system to remember it for you, because there are situations where you will need to know the password. Having the password remembered in the Keychain is a convenience that does not eliminate the need for you to remember the password.

I get a feeling that too many people just "click through" the encryption dialog, letting the system auto-generate a password and remember it. It's a really, really bad idea not to know what the password is. 

For example, should you want to move the VM to another system, you will need to know the password to open it (the password doesn't come along with the system). Also if something goes wrong with the user and their keychain, without the password the VM may be toast.

There is an alternate way of getting that VM back if it's been encrypted with the "only the files needed to support a TPM" option. It's not for someone that's afraid of getting their hands dirty. The VMDK files of an encrypted VM using this method are not encrypted. You would create an empty VM, copy the vmdk files from the old VM's bundle folder to the new one, then make edits to the .vmx file to make sure the virtual disk is pointing to the copy of the old disk.