I tried adding the following line to /etc/fstab, but it doesn't work:
UUID=FF9DBDC4-F77F-3F72-A6C2-26676F39B7CE none apfs rw,noauto
I confirmed that it does work with unencrypted APFS volumes.
For encrypted HFS+ volumes you have to add the password to the keychain, but this workaround doesn't seem to work with encrypted APFS.
Best Answer
Indeed that is the case, even in Mojave (Beta 2).
I have a solution which is quite a hack, but it works. It consists in creating a login script that unmounts the disk using diskutil after a delay.
Create login script
Putting it in home folder for simplicity
put the following in it (replace
Macintosh\ HD
with the disk name you want to unmount, if needed)save (ctrl-x then y, enter). Then make executable
Create launchd agent
put the following in it (note: replace
username
with your username, especially after/Users/
)Finally, enable it
This should get the disk auto-unmounted shortly after login. If it doesn't work, maybe increase the delay (it was 20 seconds in the example). You can check if it works by opening Finder immediately after logging in; you should see the disk unmounting itself after a few seconds.
Make disk-read only
I also noticed that fstab can make the disk read only (could be done as well, for safety).
then press
G
o
and paste