Should we also disable the option to enable encryption on an existing datastore and ask them to instead try backup/restore?