diff --git a/wiki/linux/arch-linux/installation.md b/wiki/linux/arch-linux/installation.md index d37400a..92f355e 100644 --- a/wiki/linux/arch-linux/installation.md +++ b/wiki/linux/arch-linux/installation.md @@ -207,3 +207,7 @@ You can go on to other guides aswell. Additionally if you have a NVidia Graphics Cards you should read [the NVidia article](../nvidia.md) too. + +If you are interested in automatic decryption of the dm-crypt encrypted +partition, take a look at the according section in +[the dm-crypt article](../dm-crypt.md). diff --git a/wiki/linux/dm-crypt.md b/wiki/linux/dm-crypt.md index 6d259fe..3bd040c 100644 --- a/wiki/linux/dm-crypt.md +++ b/wiki/linux/dm-crypt.md 
@@ -29,3 +29,67 @@ If you don't want to extend the encrypted volume to the whole partition or the partition is to small for your purposes, make sure to resize the partition first accordingly (see [disk management](./disk-management.md)). `cryptsetup resize crypt-volume` + +## Creating a automatic encryption key with an USB stick + +This guide assumes you to have an Arch Linux System, as installed in +[this wiki arch linux installation](./arch-linux/installation.md). +This section is based on entries from the +[arch linux forum](https://forum.archlinux.de/d/28886-systementschluesselung-per-usb-stick). + +Insert your USB stick. +This guide will assume its address is `/dev/sde`. + +Fill in the first sectors (in this case 94, make sure this number is bigger +than skip sector count and size sector count combined) stick with a random +sequence: +`dd if=/dev/urandom of=/dev/sde bs=512 seek=1 count=94`. +Save the key to a keyfile (with offset 14848 = 29 x 512 and +keysize 2048 = 4 x 512): +`dd if=/dev/sde bs=512 skip=29 count=4 > key.bin`. + +Add the keyfile to the encrypted partition (assuming the dm-crypted device is +called `/dev/sda2`): +`cryptsetup luksAddKey /dev/sda2 key.bin`. + +Next it has to be made sure that the decryption key, is available at the same +position every time. +For this check the `serial` and `product` of your USB stick with the following +commands. + +```sh +udevadm info -a -p `udevadm info -q path -n /dev/sde` | grep ATTRS{serial} +udevadm info -a -p `udevadm info -q path -n /dev/sde` | grep ATTRS{product} +``` + +The first line gives the `serial`, the second the `product`. +The `product` should match your USB stick. + +After this create a file at `/etc/udev/rules.d/50-usbkey.rules` with the +following content. +Assuming the `serial` is `14AB0000000096`. + +```txt +SUBSYSTEMS=="usb", ATTRS{serial}=="14AB0000000096", KERNEL=="sd*", SYMLINK+="usbkey%n" +``` + +Then reload the udev rules by running: +`udevadm control --reload-rules`. 
+ +Unplug the stick and plug it back in. +It should be available under `dev/usbkey`. + +After that make sure in `/etc/mkinitcpio.conf` under the `HOOKS` section +`keymap encrypt lvm2` are written before `filesystems`. +Add `/etc/udev/rules.d/50-usbkey.rules` under the `FILES` section. + +Then modify `/boot/loader/entries/arch.conf` and add +`cryptkey=/dev/usbkey:14848:2048` to the +end of the `options` line. + +Finally run: +`mkinitcpio -p linux`. + +Reboot the system with `reboot`. +Make sure the USB key for decryption is plugged in. +If so the encrypted partition should be decrypted automatically.
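Review bot: in the paragraph added to installation.md, "the according section" should read "the corresponding section". The surrounding context lines carry pre-existing typos ("aswell" for "as well", "a NVidia Graphics Cards") that are not part of this change but could be fixed while this paragraph is being touched.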
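Review bot: the path in "It should be available under `dev/usbkey`" is missing its leading slash; the udev rule creates `/dev/usbkey`, which is also what the later `cryptkey=/dev/usbkey:14848:2048` option refers to. Three further points in the same hunk. First, the key.bin file produced by the second dd step is a plaintext copy of the LUKS key and the guide never removes it after the luksAddKey step; add a step such as `shred -u key.bin` once the key has been enrolled. Second, `dd if=/dev/urandom of=/dev/sde bs=512 seek=1 count=94` overwrites sectors 1 to 94 of the stick, which is where a GPT keeps its header and partition entries, so the text should state that the stick must be dedicated to this purpose and that any data or partition table on it will be destroyed. Third, since the stick now unlocks /dev/sda2 without a passphrase, the section should say how to revoke that key slot with `cryptsetup luksRemoveKey` or `cryptsetup luksKillSlot` if the stick is lost, so the remaining passphrase slot is the only way in. Minor: the heading should read "Creating an automatic encryption key with a USB stick".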