Solved:
Yes - I just had to opt in to Google Play App Signing and choose "Use existing app signing key from Java keystore".
I had to 'decode' this command:
$ java -jar pepk.jar --keystore=foo.keystore --alias=foo --output=encrypted_private_key_path --encryptionkey=[deleted]
Into this:
$ java -jar pepk.jar --keystore=<path+filename of your key file> --alias=<key alias> --output=<path+filename of new key file> --encryptionkey=[deleted]