genkernel initramfs should allow users to enter a passphrase for encrypted devices even when root_key is specified but the key it references cannot be found. Currently, if root_key is given but the key can't be found, the initramfs will ask the user to insert a device that has the matching key and wait up to 10 seconds. If it still cannot find the key after 10 seconds, the initramfs will skip trying to open the encrypted volumes. Both dracut's crypt module and Arch's mkinitcpio encrypt hook will fall back to using passphrases if they fail to load a keyfile. A possible workaround that works with genkernel initramfs would be to have two boot entries: one that has root_key set and tries to use a keyfile, and one that does not have root_key set and tries to use a passphrase. I am currently using =sys-kernel/genkernel-next-64.
Package removed.