diff --git a/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix b/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
index 2100bce..b0461d0 100644
--- a/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
+++ b/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
@@ -62,12 +62,13 @@ in {
                   ];
                   # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
                   settings = {
-                    keyFile = "/tmp/secret.key";
+                    allowDiscards = true;
                     crypttabExtraOpts = [
                       "fido2-device=auto"
                       "token-timeout=10"
                     ];
                   };
+                  passwordFile = "/tmp/secret.key";
                   content = {
                     type = "btrfs";
                     extraArgs = ["-L" "nixos" "-f"];