diff --git a/deploy_nixos b/deploy_nixos
index 4f8aa2a..2b4235a 100755
--- a/deploy_nixos
+++ b/deploy_nixos
@@ -11,7 +11,6 @@ if [ "$CLUSTER" = "staging" ]; then
 	copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix
 fi
 
-
 if [ "$CLUSTER" = "prod" ]; then
 	cmd nixos-rebuild boot
 	message "-------------------------------------------------------------------------------------"
diff --git a/deploy_passwords b/deploy_passwords
index 37c2143..3b21ff3 100755
--- a/deploy_passwords
+++ b/deploy_passwords
@@ -1,5 +1,3 @@
 #!/usr/bin/env ./sshtool
 
-write_pass deuxfleurs/cluster/$CLUSTER/passwords /root/deploy_tmp_passwords
-cmd 'chpasswd -e < /root/deploy_tmp_passwords'
-cmd rm /root/deploy_tmp_passwords
+pipe_pass deuxfleurs/cluster/$CLUSTER/passwords "chpasswd -e"
diff --git a/restic-summary b/restic_summary
similarity index 100%
rename from restic-summary
rename to restic_summary
diff --git a/sshtool b/sshtool
index 8719ffa..262f0e3 100755
--- a/sshtool
+++ b/sshtool
@@ -1,10 +1,11 @@
 #!/usr/bin/env bash
 
-cd $(dirname $0)
-
 CMDFILE="$1"
 shift 1
 
+cd $(dirname $CMDFILE)
+CMDFILE=./$(basename $CMDFILE)
+
 CLUSTER="$1"
 if [ -z "$CLUSTER" ] || [ ! -d "cluster/$CLUSTER" ]; then
 	echo "Usage: $CMDFILE <cluster name>"
@@ -36,6 +37,7 @@ EOG
 chmod +x /tmp/deploytool_askpass
 export SUDO_ASKPASS=/tmp/deploytool_askpass
 sudo -A sh - <<'EOEVERYTHING'
+set -e
 EOF
 }
 
@@ -97,6 +99,17 @@ chmod 0600 $TO
 EOF
 }
 
+function pipe_pass {
+	local PASSKEY=$1
+	local CMD=$2
+	cat <<EOF
+echo '- pipe secret $PASSKEY to command $CMD'
+base64 -d <<EOG | $CMD > /dev/null
+$(pass $PASSKEY | base64)
+EOG
+EOF
+}
+
 for NIXHOST in $NIXHOSTLIST; do
 	NIXHOST=${NIXHOST%.*}