I just watched this video on ZFS encryption in TrueNAS. This was exactly the tutorial I needed. Thanks for putting it together. 
I’ve done quite a bit of work to set up my TrueNAS install, and of course, encrypted nothing. Oops. OTOH, the only data I’m storing there so far is Time Machine backups, and Time Machine itself encrypts those on the client side. I set up home folders for certain users on the NAS, but I’m not planning to store sensitive data there–I just wanted to be able to have a place to easily move temporary files on and off the NAS via SMB.
So, I think I caught this early enough not to have to redo anything. I did have a couple of questions:
- You mentioned that relatively recent hardware shouldn’t see major performance impacts from encryption. Is there a year/CPU generation that’s generally considered a cutoff for encryption as being too old? My low power TrueNAS Core server is an Intel i7-6700 (4c/8t), with 32 GB of DDR3 RAM (the max). One reason I left encryption off at the dataset level was that I was concerned it might put too much strain on the CPU.
- VM Performance Impact? I’m going to be storing VM and LXC container files here for use by Proxmox, on a two-mirror-VDEV SATA SSD pool, accessed via 10Gbps connection.
I’m going to experiment with some test datasets, but I wanted to post and ask in case the particular vintage of my system meant that there was an obvious answer of “no, please don’t abuse your elder hardware like that.” 
TrueNAS is one of the first things I’ve used where older hardware is still really performant; I haven’t learned where the line is yet.