So following function parses an (un)encrypted DER-encoded private key and fills the pk_context accordingly:
int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen )
Does mbedtls provide a function that works analogously to this one … meaning that it has a pk_context and can store it (encrypted) to a buffer. I’ve only seen mbedtls_pk_write_key_pem, which however does not take encryption into account.