Link. Don’t mount on startup and don’t store mount pw in boot keychain. Even then it can be attacked during a backup, so how useful is this advice?