Do not use this for securing important data!
The method described below is like writing your password on a post-it note in your top-drawer! It only provides any security at all if you remove the encrypted disk from the machine permanently!
Never rely on any security mechanism that you don't understand! Copy-pasting commands from the internet is not a valid security technique!
Execute all commands as root (i.e. sudo su first).
Create a key-file for this disk, so it can be automatically unlocked on boot.
dd if=/dev/random of=/etc/crypttab.d/DISK_NAME.key bs=4096 count=1
Format the partition with LUKS. You can use the whole disk (e.g. /dev/sdX), but using a partition makes it more obvious what is on the disk and less likely to be overwritten by accident.
cryptsetup luksFormat --type luks2 /dev/sdX1 /etc/crypttab.d/DISK_NAME.key
Unlock and mount the encrypted volume.
cryptsetup open /dev/sdX1 DISK_NAME --key-file /etc/crypttab.d/DISK_NAME.key
Add a recovery pass-phrase to the volume (in case the key gets wiped). You will be prompted to type in the password.
cryptsetup --key-file /etc/crypttab.d/DISK_NAME.key luksAddKey /dev/sdX1
Take a backup of the LUKS header (in case the header gets wiped).
cryptsetup luksHeaderBackup /dev/sdX1 --header-backup-file /etc/crypttab.d/DISK_NAME.header
Find the UUID of the encrypted volume.
lsblk -o name,size,type,mountpoint,uuid
NAME     SIZE TYPE MOUNTPOINT UUID
sdX        2T disk
└─sdX1     2T part            long-string-of-hexadecimal
Copy the UUID and add it to the crypttab to have it auto-unlocked and mounted at boot.
nano -w /etc/crypttab
DISK_NAME UUID=long-string-of-hexadecimal /etc/crypttab.d/DISK_NAME.key
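As an added example (not part of this guide), the POSIX shell functions below check the pieces the steps above create before you reboot: a mistyped UUID, a key file readable by other users, or a header backup that is not actually a LUKS header is cheaper to catch now than at the boot prompt. They assume GNU stat(1); DISK_NAME, the UUID and the paths are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original guide: sanity checks for the key
# file, header backup and crypttab entry created above. A wrong crypttab
# entry stalls the boot, so verify everything before rebooting.
# Assumptions: GNU stat(1); names, UUIDs and paths are placeholders.

# Key file: present, at least 32 bytes, and no group/other permission bits.
check_keyfile() {
    f="$1"
    [ -f "$f" ] || { echo "missing key file: $f" >&2; return 1; }
    size=$(stat -c %s "$f"); mode=$(stat -c %a "$f")
    [ "$size" -ge 32 ] || { echo "key file too small ($size bytes)" >&2; return 1; }
    case "$mode" in
        *00) ;;   # e.g. 600 or 400: owner-only access
        *) echo "key file mode $mode is readable by others; chmod 600 $f" >&2; return 1 ;;
    esac
}

# Header backup: every LUKS header (v1 and v2) starts with the magic "LUKS".
check_header_backup() {
    f="$1"
    [ -f "$f" ] || { echo "missing header backup: $f" >&2; return 1; }
    [ "$(head -c 4 "$f")" = "LUKS" ] || { echo "$f is not a LUKS header" >&2; return 1; }
}

# Build the crypttab line; reject the guide's placeholder and anything that
# is not an 8-4-4-4-12 hex UUID as printed by lsblk.
crypttab_line() {
    name="$1"; uuid="$2"; key="$3"
    echo "$uuid" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' \
        || { echo "not a UUID: $uuid" >&2; return 1; }
    printf '%s UUID=%s %s\n' "$name" "$uuid" "$key"
}

# Append the entry only if crypttab does not already name this mapping.
add_crypttab_entry() {
    crypttab="$1"; name="$2"; uuid="$3"; key="$4"
    line=$(crypttab_line "$name" "$uuid" "$key") || return 1
    touch "$crypttab"
    if grep -Eq "^[[:space:]]*$name[[:space:]]" "$crypttab"; then
        echo "$name already present in $crypttab" >&2; return 0
    fi
    echo "$line" >> "$crypttab"
}
```

Typical use after the steps above: `check_keyfile /etc/crypttab.d/DISK_NAME.key && check_header_backup /etc/crypttab.d/DISK_NAME.header && add_crypttab_entry /etc/crypttab DISK_NAME <uuid from lsblk> /etc/crypttab.d/DISK_NAME.key`.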
The equivalent on ZFS goes as follows:
dd if=/dev/urandom bs=32 count=1 of=/etc/crypttab.d/tank.key
zpool create -O encryption=on -O keyformat=raw -O keylocation=file:///etc/crypttab.d/tank.key tank sda