InnoDB temporary tablespace encryption

Description

Behavior has changed after PS-5736 https://jira.percona.com/browse/PS-5736?focusedCommentId=239846&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-239846

Add a new global dynamic variable innodb_temp_tablespace_encrypt=ON/OFF. When it is turned on, the server starts encrypting the temporary tablespace and temporary InnoDB file-per-table tablespaces. The option does not force encryption of temp tables that are currently open, and it does not rebuild the system temporary tablespace to encrypt data that has already been written. Since the temp tablespace is created fresh at each server startup, it will not contain unencrypted data if this option is specified as a server argument. Turning this option off at runtime makes the server create all subsequent temporary file-per-table tablespaces unencrypted, but does not turn off encryption of the system temporary tablespace.

To use this option, a keyring plugin must be loaded. If a keyring plugin is not available, the server will give an error message and refuse to create new temp tables.
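A configuration check for the two conditions described above, added here as an example (it is not code from the issue or from Percona Server): it flags an option file that enables innodb_temp_tablespace_encrypt without loading a keyring plugin, and one that leaves the option out of the startup configuration. The sample option files are constructed, and detecting a keyring plugin by looking for "keyring" in the early-plugin-load / plugin-load values is an assumption of this example.

```python
import configparser

# Constructed sample option files (not taken from the issue).
GOOD = "[mysqld]\nearly-plugin-load=keyring_file.so\ninnodb_temp_tablespace_encrypt=ON\n"
NO_KEYRING = "!includedir /etc/mysql/conf.d/\n[mysqld]\ninnodb-temp-tablespace-encrypt=ON\n"
RUNTIME_ONLY = "[mysqld]\nearly-plugin-load=keyring_file.so\n"

ENCRYPT_OPT = "innodb_temp_tablespace_encrypt"
PLUGIN_OPTS = ("early_plugin_load", "plugin_load", "plugin_load_add")
TRUE_VALUES = {"on", "1", "true"}


def mysqld_options(text):
    """Return the [mysqld] options, treating '-' and '_' in names alike."""
    # Drop !include / !includedir directives, which configparser cannot parse.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(body)
    if not cp.has_section("mysqld"):
        return {}
    return {k.replace("-", "_"): (None if v is None else v.strip().lower())
            for k, v in cp.items("mysqld")}


def audit(text):
    """Return a list of finding codes for one option file."""
    opts = mysqld_options(text)
    # A boolean option given without a value is treated as enabled.
    encrypt = ENCRYPT_OPT in opts and (opts[ENCRYPT_OPT] is None
                                       or opts[ENCRYPT_OPT] in TRUE_VALUES)
    keyring = any("keyring" in (opts.get(k) or "") for k in PLUGIN_OPTS)
    findings = []
    if not encrypt:
        # Enabling later at runtime does not re-encrypt data already written
        # to the system temporary tablespace.
        findings.append("not-set-at-startup")
    elif not keyring:
        # Without a keyring plugin the server refuses to create temp tables.
        findings.append("no-keyring")
    return findings


if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("NO_KEYRING", NO_KEYRING),
                      ("RUNTIME_ONLY", RUNTIME_ONLY)):
        print(name, audit(cfg))
```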

Environment

None

Done

Details

Time tracking

4h 48m logged

Created February 13, 2018 at 11:33 AM
Updated March 6, 2024 at 1:39 PM
Resolved February 28, 2018 at 8:09 AM