Issues with upgrading to SCALE

So my migration hit some snags and I’m hoping someone can point me in the right direction.
I’m upgrading from CORE 13.0-U6.2 to SCALE 24.04.
Hardware:
FREENAS-MINI-XL from IX Systems 8 bays
32GB RAM
16GB system boot SSD (SATADOM)
2x 8TB WD80EFZX
2x 12TB WD120EFAX

Configuration:
tank (2x 8TB mirror GELI encrypted, 50% used)
Datasets:
Shared (family photos, documents etc. - sent as replication to my office NAS)
iocage (Plex and UniFi)
Backup (receives replication from my office NAS)

tank2 (2x 12TB mirror GELI encrypted, 43% used)
Datasets:
Media (for Plex)

For the migration, I know the 1st step is to remove the GELI encryption.
I followed the Docs here:

I added 4x 4TB drives temporarily and created a RAIDZ pool “mytemp” with ZFS encryption (instead of GELI).
There was a warning that the root of a system pool should not be encrypted.
Since this was not a system pool, I made a mental note that after the upgrade, I should not encrypt the pool, only the individual Datasets.
I should note that my purpose for the encryption is so I can throw away the drives if they fail without having to erase or destroy them. This also applies to the 4x 4TB temporary drives that I borrowed; I don’t want my data accessible on them later.
I used the ZFS send and recv commands listed here:

I created a new snapshot for each Dataset and sent it to my newly created ENCRYPTED “mytemp” pool on the temp drives.
zfs send -Rv tank/Shared@tempShared | zfs recv mytemp/tempShared
It worked like a charm. I got all the data and historical snapshots for all my Datasets.
After verifying access to all my Datasets on “mytemp” pool, I exported and destroyed both my GELI encrypted pools.

I upgraded!

I created a new tank pool and created a ZFS encrypted Dataset “Shared” (and the other Datasets).

FIRST PROBLEM: All my temp Datasets are not encrypted even though the root pool is encrypted. I will need to DBAN the disks in another machine when I’m done.

SECOND PROBLEM: When I try to send my temp snapshots, I get the following error:

cannot receive new filesystem stream: destination 'tank/Media' exists
must specify -F to overwrite it

So I try with the -F

cannot receive new filesystem stream: zfs receive -F cannot be used to destroy an encrypted filesystem or overwrite an unencrypted one with an encrypted one

QUESTION: How do I transfer my accidentally unencrypted data and snapshots back to my original drives so the data will be encrypted?

I know I still have a lot of work to do in converting my jails to Docker, but @Stux has some great YouTube videos and posts about that.

I also have three more TrueNAS systems that I need to upgrade. I decided to start with the easy home system :grinning:

Thanks

I think I figured out some of the issues.
FIRST PROBLEM:
The Documentation here:

Because encryption is inherited from the parent, all data within that pool is encrypted. Selecting the Encryption option for the pool (root dataset) forces encryption for all datasets and zvols created within the root dataset.

The above did not hold true when I created an encrypted pool “mytemp” and then sent unencrypted snapshots in CORE 13.0-U6.2.
All Datasets created with zfs send and recv were unencrypted and readable without the key after upgrading to SCALE.
SOLUTION: I should have used passphrase encryption, like the zfs recv example:

zfs send -Rv pool_a/dataset_1@snapshot_name | zfs recv -o encryption=on -o keyformat=passphrase -o keylocation=file:///tmp/pass pool_b/dataset_2

SECOND PROBLEM: I was stuck on trying to create an encrypted Dataset with a key file. I deleted the new encrypted Datasets and used the zfs recv with a passphrase that I will convert to a key file after the encrypted Dataset is received.

Just writing this up forced me to organize my thoughts and look at the bigger picture.
I’m leaving this up in case it helps someone else.

2 Likes
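
A check for the failure described in this thread, as an added example that is not part of the original posts: it reads `zfs get` output and flags every dataset whose encryption is off, noting when an ancestor is encrypted. The function names and the sample output (including the `tempMedia` and `scratch` datasets) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Feed it the output of:
#   zfs get -H -r -t filesystem,volume -o name,property,value encryption mytemp
# -H prints tab-separated lines without a header.

# Prints "<dataset>\t<note>" for each dataset with encryption=off.
# note is "under-encrypted-parent" when any ancestor in the input is encrypted,
# which is the case seen after the zfs send -R | zfs recv in the thread.
unencrypted_datasets() {
    awk -F '\t' '
        $2 == "encryption" { enc[$1] = $3; order[++n] = $1 }
        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (enc[name] != "off") continue
                note = "no-encrypted-parent"
                p = name
                # Walk up the dataset path one component at a time.
                while (sub("/[^/]*$", "", p)) {
                    if ((p in enc) && enc[p] != "off") {
                        note = "under-encrypted-parent"
                        break
                    }
                }
                printf "%s\t%s\n", name, note
            }
        }'
}

# Returns 0 when every dataset is encrypted, 1 (and prints findings) otherwise.
audit_encryption() {
    findings=$(unencrypted_datasets)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample of `zfs get` output for an encrypted pool with
# two received datasets that are not encrypted.
sample_zfs_get() {
    printf 'mytemp\tencryption\taes-256-gcm\n'
    printf 'mytemp/tempShared\tencryption\toff\n'
    printf 'mytemp/tempMedia\tencryption\toff\n'
    printf 'mytemp/scratch\tencryption\taes-256-gcm\n'
}

sample_zfs_get | audit_encryption || true
```

Running the audit on the receiving pool before the source pools are destroyed shows whether the copies actually landed encrypted.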