diff --git a/bundles/wpa-supplicant/items.py b/bundles/wpa-supplicant/items.py
index 3439a32..7cc2962 100644
--- a/bundles/wpa-supplicant/items.py
+++ b/bundles/wpa-supplicant/items.py
@@ -1,24 +1,15 @@
 import hashlib, binascii
 
 
-def wpa_psk(ssid, password):
-    return binascii.hexlify(
-        hashlib.pbkdf2_hmac('sha1', str.encode(password), str.encode(ssid), 4096, 32)
-    ).decode()
-    
-
 interface = node.metadata.get('wpa-supplicant/interface')
-ssid = node.metadata.get('wpa-supplicant/ssid')
-passowrd = repo.vault.decrypt(node.metadata.get('wpa-supplicant/password')).value
-psk = wpa_psk(ssid, passowrd)
 
 files = {
     f'/etc/wpa_supplicant/wpa_supplicant-{interface}.conf': {
         'source': 'wpa_supplicant.conf',
         'content_type': 'mako',
         'context': {
-            'ssid': ssid,
-            'psk': psk,
+            'ssid': node.metadata.get('wpa-supplicant/ssid'),
+            'psk': node.metadata.get('wpa-supplicant/psk'),
         },
         'needs': [
             'pkg_apt:wpasupplicant',
diff --git a/bundles/wpa-supplicant/metadata.py b/bundles/wpa-supplicant/metadata.py
index c56b55c..0636fa0 100644
--- a/bundles/wpa-supplicant/metadata.py
+++ b/bundles/wpa-supplicant/metadata.py
@@ -1,3 +1,6 @@
+import hashlib, binascii
+
+
 defaults = {
     'apt': {
         'packages': {
@@ -5,3 +8,22 @@ defaults = {
         },
     },
 }
+
+@metadata_reactor.provides(
+    'wpa-supplicant/psk',
+)
+def psk(metadata):
+    return {
+        'wpa-supplicant': {
+            'psk': binascii.hexlify(
+                hashlib.pbkdf2_hmac(
+                    'sha1',
+                    repo.vault.decrypt(metadata.get('wpa-supplicant/password')).value.encode(),
+                    metadata.get('wpa-supplicant/ssid').encode(),
+                    4096,
+                    32
+                )
+            ).decode()
+        }
+    }
+