If I wish to enable encryption on an existing repository do I need to make space pre emptively?
That is to say I understand making an encryption key will force new base images for all protected machines. I will not have enough space to do this.
Besides space are there any other things to look out for before I try this?
To be precise, as you already noted, the repository is not encrypted, recovery points are. As such, as you mentioned, after enabling an encryption key for specific agents, new base images are needed. The best solution, in my opinion, is taking advantage of the archiving capabilities or RR by archiving some recovery chains in stages (for those who are not aware, RR 6+ archives are mountable as Read Only Repositories) and start fresh with encrypted recovery chains. When the retention period expires, the archives can be discarded and the media used for archiving other unencrypted recovery chains. thus increasing the available repository space for encrypted chains. This approach may take some time though...
I'm not sure I understand how I would go about that? Are you saying basically just add a key to one agent at a time and let it's backup chain run out over time before adding another?
What about just encrypting the whole repository (in my case a RAID 10 array) with Bitlocker?