Key file for encrypted boot and root partitions

I encrypted my boot and root partitions. Right now I need to enter the password for the boot partition twice and once for the root partition, or I need to use the same password for both partitions, but I still need to enter it twice (once for GRUB, and once for the kernel).

I know that it’s possible to use a key file, which would eliminate entering the second password. I see that there is an option boot.initrd.luks.devices.<name?>.keyFile, but where should I put this file? This file isn’t visible on any path since the partition itself isn’t decrypted at this point…

I’ve read on the Arch wiki that I should create a key file named crypto_keyfile.bin and add it to the initramfs. How do I do it in NixOS?

2 Likes

I have a completely different setup described here:

But the bit about initrd.keys.gz is probably relevant to you.

2 Likes

That’s exactly what I needed. Thanks.
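
Editor's added example, not part of the thread and not the linked setup: one way to get the key-file-in-initramfs arrangement the question describes, using the NixOS option `boot.initrd.secrets` together with `boot.initrd.luks.devices.<name>.keyFile`. The mapping names `cryptboot` and `cryptroot`, the UUID placeholders and the key file location are assumptions.

```nix
# Added example. Assumed names: "cryptboot", "cryptroot", the UUID
# placeholders, and the key file path /crypto_keyfile.bin.
#
# One-time preparation on the running system, as root:
#   dd if=/dev/urandom of=/crypto_keyfile.bin bs=512 count=4
#   chmod 0400 /crypto_keyfile.bin
#   cryptsetup luksAddKey /dev/disk/by-uuid/<BOOT-LUKS-UUID> /crypto_keyfile.bin
#   cryptsetup luksAddKey /dev/disk/by-uuid/<ROOT-LUKS-UUID> /crypto_keyfile.bin
#
# The existing passphrases stay enrolled: GRUB still asks once to read
# the encrypted /boot, and they remain the fallback if the key file is lost.
{ ... }:
{
  # Append the key file to the initrd when the boot loader is installed.
  # Attribute name = path inside the initrd; null = take the file from
  # the same path on the running system. This option exists so that the
  # key does not have to pass through the world-readable Nix store.
  boot.initrd.secrets = {
    "/crypto_keyfile.bin" = null;
  };

  # Stage 1 unlocks both containers with the key file instead of prompting.
  boot.initrd.luks.devices = {
    "cryptboot" = {
      device = "/dev/disk/by-uuid/<BOOT-LUKS-UUID>";
      keyFile = "/crypto_keyfile.bin";
    };
    "cryptroot" = {
      device = "/dev/disk/by-uuid/<ROOT-LUKS-UUID>";
      keyFile = "/crypto_keyfile.bin";
    };
  };
}
```

The initrd that carries the key is stored on /boot, so this only protects the root volume as long as /boot itself stays encrypted, as it is in the setup described in the question.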