This is similar to what I do.

I have a USB drive with the whole bootloader + decryption keyfiles on it. I remove it while it is running as everything is stored in RAM and already booted.

Downside being it has to be plugged in to update the boot partition during an upgrade.