diff --git a/doc/rbd/rbd-encryption.rst b/doc/rbd/rbd-encryption.rst index 20bfb2f288b..06cd62f071f 100644 --- a/doc/rbd/rbd-encryption.rst +++ b/doc/rbd/rbd-encryption.rst @@ -136,9 +136,11 @@ A batch of such unaligned writes can lead to IO races which will further deteriorate performance. Thus it is advisable to avoid using RBD encryption in cases where incoming writes cannot be guaranteed to be sector-aligned. -To mount a LUKS-encrypted image run:: +To map a LUKS-formatted image run: - $ rbd -p {pool-name} device map -t nbd -o encryption-format=luks,encryption-passphrase-file={passphrase-file} +.. prompt:: bash # + + rbd device map -t nbd -o encryption-passphrase-file={passphrase-file} {image-spec} Note that for security reasons, both the encryption format and encryption load operations are CPU-intensive, and may take a few seconds to complete. For the diff --git a/qa/workunits/rbd/luks-encryption.sh b/qa/workunits/rbd/luks-encryption.sh index 91e8758e267..b85bb0e546a 100755 --- a/qa/workunits/rbd/luks-encryption.sh +++ b/qa/workunits/rbd/luks-encryption.sh @@ -43,7 +43,7 @@ function test_encryption_format() { sudo chmod 666 /dev/mapper/cryptsetupdev # open encryption with librbd - LIBRBD_DEV=$(_sudo rbd -p rbd map testimg -t nbd -o encryption-format=luks,encryption-passphrase-file=/tmp/passphrase) + LIBRBD_DEV=$(_sudo rbd -p rbd map testimg -t nbd -o encryption-passphrase-file=/tmp/passphrase) sudo chmod 666 $LIBRBD_DEV # write via librbd && compare 
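Review bot: In qa/workunits/rbd/luks-encryption.sh the `rbd map` call in test_encryption_format now omits `encryption-format=luks`, and the `rbd flatten` calls in the next hunk (test_clone_and_load_with_a_single_passphrase) drop `--encryption-format luks` as well, so the lines visible in this diff exercise only the new default. Unless another workunit still covers the explicit option, leave `encryption-format=luks,` in this map call or keep `--encryption-format luks` on one of the flatten calls, so a regression in explicit format parsing is still caught. Both functions extend beyond their hunks, so other calls in them may already cover this.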
@@ -117,9 +117,10 @@ function test_clone_and_load_with_a_single_passphrase { if [ "$expectedfail" = "true" ] then - expect_false rbd flatten testimg1 --encryption-format luks --encryption-passphrase-file /tmp/passphrase2 + expect_false rbd flatten testimg1 --encryption-passphrase-file /tmp/passphrase2 + rbd flatten testimg1 --encryption-passphrase-file /tmp/passphrase2 --encryption-passphrase-file /tmp/passphrase else - rbd flatten testimg1 --encryption-format luks --encryption-passphrase-file /tmp/passphrase2 + rbd flatten testimg1 --encryption-passphrase-file /tmp/passphrase2 fi rbd remove testimg1 diff --git a/src/test/cli/rbd/help.t b/src/test/cli/rbd/help.t index c70d76f4cd7..8d8d3027381 100644 --- a/src/test/cli/rbd/help.t +++ b/src/test/cli/rbd/help.t @@ -879,6 +879,7 @@ --image arg image name --no-progress disable progress output --encryption-format arg encryption format (luks, luks1, luks2) + [default: luks] --encryption-passphrase-file arg path to file containing passphrase for unlocking the image @@ -2254,6 +2255,7 @@ --allow-shrink permit shrinking --no-progress disable progress output --encryption-format arg encryption format (luks, luks1, luks2) + [default: luks] --encryption-passphrase-file arg path to file containing passphrase for unlocking the image diff --git a/src/tools/rbd/ArgumentTypes.cc b/src/tools/rbd/ArgumentTypes.cc index 231264e57b2..17a06c805f7 100644 --- a/src/tools/rbd/ArgumentTypes.cc +++ b/src/tools/rbd/ArgumentTypes.cc @@ -333,7 +333,7 @@ void add_encryption_options(boost::program_options::options_description *opt) { opt->add_options() (ENCRYPTION_FORMAT.c_str(), po::value>(), - "encryption format (luks, luks1, luks2)"); + "encryption format (luks, luks1, luks2) [default: luks]"); opt->add_options() (ENCRYPTION_PASSPHRASE_FILE.c_str(), diff --git a/src/tools/rbd/Utils.cc b/src/tools/rbd/Utils.cc index 47203dcba1c..71da0bd274a 100644 --- a/src/tools/rbd/Utils.cc +++ b/src/tools/rbd/Utils.cc 
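Review bot: The expected-failure branch of test_clone_and_load_with_a_single_passphrase has no case for a partial format list, which the new defaulting still leaves as an error. Going by the unchanged `formats.size() != passphrase_files.size()` check shown in the src/tools/rbd/Utils.cc hunk, one format with two passphrase files should be rejected. Pin that with `expect_false rbd flatten testimg1 --encryption-format luks --encryption-passphrase-file /tmp/passphrase2 --encryption-passphrase-file /tmp/passphrase` ahead of the flatten that is expected to succeed. The function starts and ends outside the hunk.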
@@ -731,6 +731,9 @@ int get_encryption_options(const boost::program_options::variables_map &vm, std::vector formats; if (vm.count(at::ENCRYPTION_FORMAT)) { formats = vm[at::ENCRYPTION_FORMAT].as(); + } else if (vm.count(at::ENCRYPTION_PASSPHRASE_FILE)) { + formats.resize(passphrase_files.size(), + at::EncryptionFormat{RBD_ENCRYPTION_FORMAT_LUKS}); } if (formats.size() != passphrase_files.size()) { diff --git a/src/tools/rbd_nbd/rbd-nbd.cc b/src/tools/rbd_nbd/rbd-nbd.cc index cc42491ca08..3130e8bc750 100644 --- a/src/tools/rbd_nbd/rbd-nbd.cc +++ b/src/tools/rbd_nbd/rbd-nbd.cc @@ -153,7 +153,7 @@ static void usage() << "Map and attach options:\n" << " --device Specify nbd device path (/dev/nbd{num})\n" << " --encryption-format luks|luks1|luks2\n" - << " Image encryption format\n" + << " Image encryption format (default: luks)\n" << " --encryption-passphrase-file Path of file containing passphrase for unlocking image encryption\n" << " --exclusive Forbid writes by other clients\n" << " --notrim Turn off trim/discard\n" @@ -2194,6 +2194,12 @@ static int parse_args(vector& args, std::ostream *err_msg, } } + if (cfg->encryption_formats.empty() && + !cfg->encryption_passphrase_files.empty()) { + cfg->encryption_formats.resize(cfg->encryption_passphrase_files.size(), + RBD_ENCRYPTION_FORMAT_LUKS); + } + if (cfg->encryption_formats.size() != cfg->encryption_passphrase_files.size()) { *err_msg << "rbd-nbd: Encryption formats count does not match " << "passphrase files count";
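Review bot: The new `else if` in get_encryption_options (src/tools/rbd/Utils.cc) applies the LUKS default only when no `--encryption-format` is given at all; one format with two passphrase files still fails the size check just below, and the same holds for the block added to parse_args in src/tools/rbd_nbd/rbd-nbd.cc. Neither the `[default: luks]` help text nor the rbd-nbd error message says this, so I would add a comment such as `// No format given: assume generic LUKS for every passphrase file; a partial list is rejected below.` and extend the message to `<< "passphrase files count (omit --encryption-format to default all to luks)";`. It looks as if RBD_ENCRYPTION_FORMAT_LUKS accepts whichever LUKS version the image header carries, so callers who want to pin luks2 would have to keep passing the format explicitly; if that is right, it is worth stating in doc/rbd/rbd-encryption.rst. Both functions start and end outside their hunks.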