Not using ZFS but a similar approach:
All my data (paperless, and other docker container data) is encrypted with LUKS on a separate disk. The OS is running unencrypted on the SD card (using a Raspberry Pi). This way I can swap out the system and relink the docker container data if needed.
Yes, I do need to unlock after a reboot, but since the system is fully up, that’s done easily via ssh.
Still looking into ways to unlock it automatically on certain criteria…
Not using ZFS but a similar approach: All my data (paperless, and other docker container data) is encrypted with LUKS on a separate disk. The OS is running unencrypted on the SD card (using a Raspberry Pi). This way I can swap out the system and relink the docker container data if needed. Yes, I do need to unlock after a reboot, but since the system is fully up, that’s done easily via ssh.
Still looking into ways to unlock it automatically on certain criteria…