If encrypted NSS volumes are used, both the primary and secondary volumes should be encrypted in order to provide the same level of security on both volumes.
The first time the volumes are mounted after a server reboot, the encrypted volumes must mounted manually by using NSSMU or NSS commands in order to provide the encryption passwords. Mount the secondary volume first so that it is available to DST when you mount the primary volume. You can use the standard mount procedure for encrypted NSS volumes as described in Mounting an Encrypted NSS Volume with NSSMU
and Mounting Encrypted NSS Volumes with NSS Commands
in the OES 2018 SP1: NSS File System Administration Guide for Linux.