wpa_supplicant service: Warn about plaintext keys in docs

2 files changed, 6 insertions, 1 deletions

diff --git a/nixos/doc/manual/configuration/wireless.xml b/nixos/doc/manual/configuration/wireless.xml
index 13e4283d241c..e4560f2da36b 100644
--- a/nixos/doc/manual/configuration/wireless.xml
+++ b/nixos/doc/manual/configuration/wireless.xml
@@ -28,7 +28,9 @@ networking.wireless.networks = {
 }
 </programlisting>
 
-When no networks are set it will default to using a configuration file at
+Be aware that keys will be written to the nix store in plaintext!
+
+When no networks are set, it will default to using a configuration file at
 <literal>/etc/wpa_supplicant.conf</literal>. You should edit this file
 yourself to define wireless networks, WPA keys and so on (see
 wpa_supplicant.conf(5)).
diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix
index 397811f96266..1b655af6c82d 100644
--- a/nixos/modules/services/networking/wpa_supplicant.nix
+++ b/nixos/modules/services/networking/wpa_supplicant.nix
@@ -46,6 +46,9 @@ in {
               description = ''
                 The network's pre-shared key in plaintext defaulting
                 to being a network without any authentication.
+
+                Be aware that these will be written to the nix store
+                in plaintext!
               '';
             };
           };