You can create an Azure Cosmos dB with CMK using ARM, but I have not tested using bicep but should be possible. Whay are looking to do it using bicep?
Always Encrypted is available for .NET SDK and Java SDK. Its available only for NoSQL API.
Data stored in your Azure Cosmos DB account is automatically and seamlessly encrypted with keys managed by Microsoft (service-managed keys). Optionally, you can choose to add a second layer of encryption with keys you manage (customer-managed keys or CMK).
Please note that all the data stored in your Azure Cosmos DB account is encrypted with the customer-managed keys, except for the following metadata: Configure customer-managed keys for your Azure Cosmos DB account with Azure Key Vault and this is only supported on new accounts, existing ones are in preview. We are not supporting Container CMK. You can instead use Always encrypted.
Please let me know if you are looking for more details.
Regards,
Oury