diff --git a/morph/grid/hro-cloud/storage001-hardware.nix b/morph/grid/hro-cloud/storage001-hardware.nix
index b2ebd742a69509706301ec547a9664833ef1c2d7..6c76a336ed6b8a1b62769b22409a92c0808ffc80 100644
--- a/morph/grid/hro-cloud/storage001-hardware.nix
+++ b/morph/grid/hro-cloud/storage001-hardware.nix
@@ -29,9 +29,10 @@
       fsType = "zfs";
     };
 
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/45eb994e-0d1b-4903-9412-920f0ba017c9"; }
-    ];
+  swapDevices = [ {
+    device = "/dev/disk/by-uuid/45eb994e-0d1b-4903-9412-920f0ba017c9";
+    randomEncryption = true;
+  } ];
 
   nix.maxJobs = lib.mkDefault 24;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/hro-cloud/storage002-hardware.nix b/morph/grid/hro-cloud/storage002-hardware.nix
index 15cdbba331b49a9d3dc8f4deb125d5e478b375fd..84a20ddee6f82bdb83870575439fce7d1a276a8e 100644
--- a/morph/grid/hro-cloud/storage002-hardware.nix
+++ b/morph/grid/hro-cloud/storage002-hardware.nix
@@ -31,9 +31,10 @@
       fsType = "vfat";
     };
 
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/51e0652f-46c9-4150-95a1-223f37154d4f"; }
-    ];
+  swapDevices = [ {
+    device = "/dev/disk/by-uuid/51e0652f-46c9-4150-95a1-223f37154d4f"; }
+    randomEncryption = true;
+  } ];
 
   nix.maxJobs = lib.mkDefault 24;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/hro-cloud/storage003-hardware.nix b/morph/grid/hro-cloud/storage003-hardware.nix
index 1a4bc3f764f68503945b804e3d756e2de2b1dbec..8d54609ef344dfeb41394196a1f06f7506f9bc7f 100644
--- a/morph/grid/hro-cloud/storage003-hardware.nix
+++ b/morph/grid/hro-cloud/storage003-hardware.nix
@@ -23,12 +23,16 @@
     { device = "/dev/disk/by-uuid/23DC-4051";
       fsType = "vfat";
     };
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/b02af75a-ea3a-47cf-ad40-c6611ee4dc09"; }
-    ];
+
   fileSystems."/storage" = {
      device = "root";
      fsType = "zfs";
    };
+
+  swapDevices = [ {
+    device = "/dev/disk/by-uuid/b02af75a-ea3a-47cf-ad40-c6611ee4dc09"; }
+    randomEncryption = true;
+  } ];
+
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
diff --git a/morph/lib/issuer-payments-ovh.nix b/morph/lib/issuer-payments-ovh.nix
index 53defef05f56790145d9dbbbe5e8fc2e652bda8a..a614e7431f8ea9799e6e3a5d13f1c3356aec7b1f 100644
--- a/morph/lib/issuer-payments-ovh.nix
+++ b/morph/lib/issuer-payments-ovh.nix
@@ -8,6 +8,7 @@
   
   swapDevices = [ {
     device = "/dev/sda2";
+    randomEncryption = true;
   } ];
 
   # Break the tie between AWS and morph for the hostname by forcing the