Instances data encryption

Problem/Justification
I tried the new instances on 25.04. When setting it up you need to choose a pool to store the data. There are no dedicated encryption options and I assume if encryption is wanted, then a pool with encryption should be chosen.

However, a very common setup is to not encrypt the pool itself, but a nested dataset if encryption is needed. The current instances implementation doesn’t let the user choose a nested dataset for storage. With this setup it is impossible to use encryption for virtualization data.

Impact
Encryption for instances (virtualization) data is not possible for users who don’t encrypt the entire pool.

User Story
I want to encrypt my virtualization data even though my pool (root dataset) is not encrypted.

Possible Fixes

  • Let the user choose nested datasets for instances storage
  • Add a dedicated option for encryption for the instances feature

Are there alternatives, like performing your encryption inside the VM instance itself? I do like the idea of using nested datasets though, seems like a miss that it isn’t an option. In fact I would imagine most VMs I spun up would be something like Pool > Dataset 1 > VM_hosts > VM1.