This. And, yt-dlp and/or youtube-dl used to have an issue where if the url started with the video ID instead of the playlist ID, it just downloaded the video not the whole playlist. Not sure if that is still around, then just be aware.

The key needs to be available to continue to be able to decrypt the data on the device. All encrypted data is not decrypted as you mount or unlock your encrypted device, that is done one the fly as you use it.

The attack you are thinking of should also not be relevant. What you worry about appears to imply that you are more concerned about the key being protected, rather than the data the key protects. You seem to wish to have your decrypted data available, but not the key.