Key file for encrypted boot and root partitions

I encrypted my boot and root partitions, right now I need to enter password for boot partition twice and one for root partition or I need to use the the same password for both partition, but still I need to enter it twice (once for grub, and once for kernel).

I know that it’s possible to use a key file which would eliminate entering second password. I see that there is an option boot.initrd.luks.devices.<name?>.keyFile but where should I put this file? This file isn’t visible on any path since the partition itself isn’t decrypted at this point…

I’ve read on Arch wiki that I should create key file named crypto_keyfile.bin and add it to initramfs. How to do it in Nixos?

I have a completely different setup described here:

https://elvishjerricco.github.io/2018/12/06/encrypted-boot-on-zfs-with-nixos.html

But the bit about initrd.keys.gz is probably relevant to you.

That’s exactly what I needed. Thanks.