If the ENCRYPTED drive is mounted to the container, then the container can decrypt it.
If the DECRYPTED drive is mounted to the container, then the container never knows it was encrypted in the first place.
Second case is easier BTW. Just mount the drive on your host, type in the encryption password and you get a new, unencrypted drive. Specify this new drive in your docker compose/docker file.
Decryption is not related to root permission.
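Added example, not part of the original comments: with the decrypted-drive approach, if the drive is not unlocked and mounted when the container starts, the bind mount points at the plain host directory and data is written unencrypted. The check below guards against that. It assumes the unlocked volume shows up as `/dev/mapper/<name>` (device-mapper, e.g. dm-crypt), which the thread does not specify; the function names, paths and sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the unlocked volume is a device-mapper device
# (/dev/mapper/<name>); the thread does not name the encryption tool.

# mount_source MOUNTINFO DIR
# Prints the source device of the filesystem mounted exactly at DIR, or
# nothing if DIR is not a mount point. MOUNTINFO uses the
# /proc/self/mountinfo format (paths with spaces are not handled here).
mount_source() {
    awk -v dir="$2" '
        $5 == dir {
            # Optional fields end at a lone "-"; the source is two fields later.
            for (i = 7; i <= NF; i++)
                if ($i == "-") { src = $(i + 2); break }
        }
        END { if (src != "") print src }
    ' "$1"
}

# encrypted_mount_ready MOUNTINFO DIR
# Succeeds only if DIR is a mount point backed by a device-mapper device.
encrypted_mount_ready() {
    src=$(mount_source "$1" "$2")
    case "$src" in
        /dev/mapper/*) return 0 ;;
        "") echo "refusing: $2 is not mounted, writes would land on the host disk" >&2
            return 1 ;;
        *)  echo "refusing: $2 is backed by $src, not a mapped device" >&2
            return 1 ;;
    esac
}

# Constructed sample mount table (not captured from a real host).
sample_mountinfo() {
    cat <<'EOF'
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
41 25 253:0 / /mnt/secure rw,relatime shared:20 - ext4 /dev/mapper/secure rw
42 25 8:17 / /mnt/plain rw,relatime - ext4 /dev/sdb1 rw
EOF
}

# Typical use on the host, before starting the container:
#   encrypted_mount_ready /proc/self/mountinfo /mnt/secure && docker compose up -d
```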