If encrypted NSS volumes are used, both the primary and secondary volumes should be encrypted in order to provide the same level of security on both volumes.
The first time the volumes are mounted after a server reboot, the encrypted volumes must mounted manually by using NSSMU in order to provide the encryption passwords. Mount the secondary volume first so that it is available to DST when you mount the primary volume.