I read somewhere someone had their encryption key on their phone / another server and had the server pull the key via ftp on boot. Then the server and encryption key is separated but can decrypt its self as long on the ftp server is available.

Edit - might have been unraid where the OS and data drivers are separate

0 800 00 10 66 (Direct line advert)