From c37de24b780b7a872edad483f317ad9a54c9ca8f Mon Sep 17 00:00:00 2001 From: Alex Martens Date: Tue, 23 Jan 2024 20:46:52 -0800 Subject: [PATCH] nixos/clevis: clairify secret creation --- nixos/modules/system/boot/clevis.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/system/boot/clevis.md b/nixos/modules/system/boot/clevis.md index 91eb728a919e..dcbf55de60a8 100644 --- a/nixos/modules/system/boot/clevis.md +++ b/nixos/modules/system/boot/clevis.md @@ -14,20 +14,20 @@ JWE files have to be created through the clevis command line. 3 types of policie Secrets are pinned against the presence of a TPM2 device, for example: ``` -echo hi | clevis encrypt tpm2 '{}' > hi.jwe +echo -n hi | clevis encrypt tpm2 '{}' > hi.jwe ``` 2) Tang policies Secrets are pinned against the presence of a Tang server, for example: ``` -echo hi | clevis encrypt tang '{"url": "http://tang.local"}' > hi.jwe +echo -n hi | clevis encrypt tang '{"url": "http://tang.local"}' > hi.jwe ``` 3) Shamir Secret Sharing Using Shamir's Secret Sharing ([sss](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing)), secrets are pinned using a combination of the two preceding policies. For example: ``` -echo hi | clevis encrypt sss \ +echo -n hi | clevis encrypt sss \ '{"t": 2, "pins": {"tpm2": {"pcr_ids": "0"}, "tang": {"url": "http://tang.local"}}}' \ > hi.jwe ```
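Review bot: In all three examples (tpm2, tang, sss) the new `-n` is left unexplained by the surrounding text, so a reader cannot tell that it is what keeps echo's trailing newline out of the encrypted secret. Add a sentence before the first example stating that the JWE must contain exactly the secret bytes with no newline. `echo -n` is also not portable: POSIX leaves its handling of `-n` implementation-defined and some `sh` implementations print the literal `-n`, which would then end up inside the secret. For documentation that users copy into arbitrary shells, `printf '%s' hi | clevis encrypt tpm2 '{}' > hi.jwe` is the safer form, with the same substitution in the tang and sss examples.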