Native encryption in ZFS is supported since version 0.8.0. Check your current ZFS version with:
modinfo zfs
First activate the encryption feature on your pool:
zpool set feature@encryption=enabled pool_name
To get an overview of all pools with enabled encryption use the following command:
zpool get all | grep encryption
To create a new encrypted dataset with a passphrase:
zfs create -o encryption=aes-256-gcm -o keyformat=passphrase pool_name/dataset_name
Check the keystatus, the current encryption type and the mountpoint with the following commands:
zfs get keystatus pool_name/dataset_name
zfs get encryption pool_name/dataset_name
zfs list pool_name/dataset_name
Change the passphrase with:
zfs change-key pool_name/dataset_name
After a reboot you first have to load your key and then mount your dataset:
zfs load-key pool_name/dataset_name
zfs mount pool_name/dataset_name
Unmount and unload your key:
zfs umount pool_name/dataset_name
zfs unload-key pool_name/dataset_name
If you are sharing this dataset via NFS, it could be necessary to restart the NFS service after mounting. I just deactivate and activate again NFS on the dataset.
zfs set sharenfs=off pool_name/dataset_name
zfs set sharenfs=on pool_name/dataset_name