We want to run our servers with full disk encryption and use a single USB stick to unlock them. The solution is to make multiple partitions on a USB stick. With the bioctl command you can point to an unused partition to store a new key.
https://www.openbsd.org/faq/faq14.html describes how to setup an OpenBSD installation using full disk encryption with a keydisk. And has instructions how to execute the steps below.
# Use sysctl hw.disknames or dmesg to determine the name of the USB stick. # Initialize the USB stick. fdisk -iy sd1 # Create multiple 1MB RAID partitions to store each key. disklabel -E sd1 # Create the encrypted disk. bioctl -c C -k sd1a -l sd0a softraid0 # or bioctl -c C -k sd1b -l sd0a softraid0 # or bioctl -c C -k sd1d -l sd0a softraid0 # backup dd bs=8192 skip=1 count=3 if=/dev/rsd1a of=backup-keydisk.img # restore dd bs=8192 seek=1 count=3 if=backup-keydisk.img of=/dev/rsd1a