You have made a big investigation of this question.
But in real life everything is a little bit easier. I have a DAS with encrypted volumes. When I want to mount an encrypted volume, I manually type the password and add a key file (on a USB stick, for instance). Tell me, why can I not do the same in a SAN (not in a NAS)? The way of entering the password, for instance, is SSH. A key file can be added in any way (on the network, on the storage among many other files, on a USB stick or something else).
Of course, when the volume is mounted, it is decrypted and I need to use another way to make it safe. But when it is dismounted (the storage is switched off), I am absolutely sure that it is in a safe condition.