Encryption best practices for deploying .net core on prem

I have built .Net Core in Jenkins and deployed it to an Azure instance via Octopus however encryption was handled through Azure there. I would like to inquire about the best practices for encryption for deploying to an our on prem servers for our internal applications. Basically what are the final encryption step templates or custom scripts that need to be put into the deployment process that Octopus recommends for that code once it is deployed. We will be upgrading to the latest version of Octopus next weekend also. Thanks.