Add info about hash passwords

Mic92 · Jan 24, 2024 · 4606d9b · 4606d9b
1 parent ae171b5
commit 4606d9b
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -574,6 +574,12 @@ To work around this issue, it's possible to set `neededForUsers = true` in a sec
 This will cause the secret to be decrypted to `/run/secrets-for-users` instead of `/run/secrets` before NixOS creates users.
 As users are not created yet, it's not possible to set an owner for these secrets.
 
+The password must be stored as a hash for this to work, which can be created with the command `mkpasswd`
+```console
+$ echo "password" | mkpasswd -s
+$y$j9T$WFoiErKnEnMcGq0ruQK4K.$4nJAY3LBeBsZBTYSkdTOejKU6KlDmhnfUV3Ll1K/1b.
+```
+
 ```nix
 { config, ... }: {
   sops.secrets.my-password.neededForUsers = true;