Currently only prompts based passwords are assumed for zfs encrypted volumes.

One can work round this by doing a ZFS load from a file/USB stick or PKCS storage in the pre-master script.

In that case your startup will say 'prompt' but not ask for it:

  sudo cbsd jstart XXXX 
  jstart: encrypted dataset: aes-256-gcm
  jstart: encryption keyformat: passphrase
  etc

so that is fine. However for not interactive starts this workaround breaks on:

  https://github.com/cbsd/cbsd/blob/fdc5d951e6790ec12a0cbf011a4e1ea5c50c08ad/subr/jfs.subr#L452

that does not consider this convenient edge case; and errs out. May be good to make this a warning - as the ZFS mount will also err out / quite possible in quite some settings the keys are already loaded much earlier.