--- /dev/null
+#!/bin/bash
+
+# When using the Arch Linux mkinitcpio encrypt if the file /crypto_keyfile.bin
+# exists in the initramfs then it will be used to attempt unlocking.
+# 1. dd if=/dev/urandom of=/crypto_keyfile.bin bs=1 count=512
+# 2. Add /crypto_keyfile.bin to FILES in /etc/mkinitcpio.conf
+# 3. mkinitcpio -p linux
+# 4. Enable the disable-crypto_keyfiles@<root-disk-id>.service
+# 5. Run this script when you want to reboot without a passphrase
+
+
+crypto_keyfile="/crypto_keyfile.bin"
+reboot_cmd="${1:-sudo reboot}"
+
+if [ ! -f "$crypto_keyfile" ]; then
+ echo "Failed to find $crypto_keyfile"
+ exit 1
+fi
+
+found_devices=""
+for disk_id in $(ls /etc/systemd/system/basic.target.wants/disable-crypto_keyfile@*.service | cut -d'@' -f2 | cut -d. -f1); do
+ found=1
+ found_devices="${found_devices} /dev/disk/by-id/${disk_id}"
+done
+
+if [ -z "$found_devices" ]; then
+ echo "Failed to find your encrypted device. You must have disable-crypto_keyfile@.service enabled."
+ exit 1
+fi
+
+echo -n "Enter password for devices: "
+read -r -s pw
+echo ""
+for device_filename in $found_devices; do
+ echo "Adding key to $device_filename"
+ sudo cryptsetup luksAddKey "$device_filename" "$crypto_keyfile" --key-slot 7 <<EOF
+${pw}
+EOF
+done
+
+$reboot_cmd