diff --git a/app.py b/app.py
index 22cc29b..05b8c57 100644
--- a/app.py
+++ b/app.py
@@ -36,6 +36,7 @@ def login():
             return render_template('index.html', ssh_port=config.webssh_port, machines=machines_all.machines, timezone=config.timezone)
     return render_template('login.html')
 
+
 @app.route('/logout')
 def logout():
     auth_token = request.cookies.get('auth_token')
@@ -47,6 +48,7 @@ def logout():
             return response
     return render_template('login.html')
 
+
 @app.route('/images')
 def list_images():
     auth_token = request.cookies.get('auth_token')
@@ -56,6 +58,7 @@ def list_images():
     images_all = db.get_images()
     return render_template("images.html", images=images_all.images)
 
+
 @app.route('/create')
 def create_conf():
     auth_token = request.cookies.get('auth_token')
@@ -71,15 +74,19 @@ def create_conf_post():
     if auth_token != "" or auth_token is not None:
         if db.get_user_bytoken(auth_token) is None:
             return redirect("/login")
-        
-    config_name = request.form['config_name']
-    token_name = request.form['token_name']
-    key_length = request.form['key_length']
-    ip = request.form['ip']
+
+    try:
+        config_name = request.form['config_name']
+        token_name = request.form['token_name']
+        key_length = request.form['key_length']
+        ip = request.form['ip']
+        password = request.form['pass']
+    except:
+        return jsonify(message="400")
     if db.get_conf_id_name(config_name+".squashfs") is not None:
         return jsonify(message="400")
     if db.get_conf_id(token_name) is not None:
-        return jsonify(message="400") 
+        return jsonify(message="400")
     folder = utils.generate_random_string(5)
     try:
         os.mkdir(os.path.join(os.getcwd(), 'configs', folder))
@@ -105,8 +112,8 @@ def create_conf_post():
 
     if os.path.exists(folder):
         shutil.rmtree(folder)
-
-    db.add_conf_image(config_name+".squashfs", token_name, ip)
+    output = subprocess.run(['openssl','passwd','-6', password], capture_output=True, text=True)
+    db.add_conf_image(config_name+".squashfs", token_name, ip, output.stdout)
 
     return send_file(os.path.join(app.config['UPLOAD_FOLDER'], config_name+".pub"))
 
@@ -126,69 +133,28 @@ def login_api():
     response.set_cookie('auth_token', auth_token)
     return response
 
+
 @app.route('/delete/<int:image_id>', methods=['POST'])
 def delete(image_id):
     auth_token = request.cookies.get('auth_token')
     if auth_token != "" or auth_token is not None:
         if db.get_user_bytoken(auth_token) is None:
             return redirect("/login")
-        
+
     if db.get_image_allocation(image_id) is not None:
         return jsonify(message="409")
     filename = db.get_conf_image_id(image_id)
     squashfs = os.path.join(app.config['UPLOAD_FOLDER'], filename)
-    pubkey = os.path.join(app.config['UPLOAD_FOLDER'], filename.split(".")[0]+".pub")
+    pubkey = os.path.join(
+        app.config['UPLOAD_FOLDER'], filename.split(".")[0]+".pub")
     if os.path.exists(squashfs):
         os.remove(squashfs)
     if os.path.exists(pubkey):
         os.remove(pubkey)
     db.del_image(image_id)
-    
+
     return redirect(url_for('list_images'))
 
-@app.route("/api/addimage", methods=['POST'])
-def add_image():
-    auth_token = request.cookies.get('auth_token')
-    if auth_token != "" or auth_token is not None:
-        if db.get_user_bytoken(auth_token) is None:
-            return redirect("/login")
-    name = None
-    try:
-        file = request.files['file']
-        if file is None or file == "":
-            return jsonify(message="nofile")
-    except Exception as e:
-        return jsonify(message="nofile")
-
-    try:
-        token = request.form['token']
-        if token is None or token == "":
-            return jsonify(message="notoken")
-    except:
-        if token is None:
-            return jsonify(message="notoken")
-
-    incorrect = True
-    while incorrect:
-        if db.GetVPNImage(token) is not None:
-            if name[-1:].isdigit():
-                name = name[:-1] + str(int(name[-1:])+1)
-            else:
-                name = name+"1"
-        else:
-            incorrect = False
-
-    filename = secure_filename(file.filename)
-    while os.path.exists(os.path.join(app.config['UPLOAD_FOLDER'], filename)):
-        if filename[0].isdigit():
-            filename = str(int(filename[0])+1)+filename[1:]
-        else:
-            filename = "1"+filename
-    file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
-    db.add_conf_image(filename, token)
-
-    return jsonify(message="ok")
-
 
 @app.route("/api/getconf")
 def get_image():
@@ -216,6 +182,15 @@ def get_image():
     return send_file(os.path.join(app.config['UPLOAD_FOLDER'], filename))
 
 
+@app.route("/api/getpass")
+def get_pass():
+    try:
+        password = db.get_conf_password(request.headers['token'])
+        return password
+    except:
+        return ""
+
+
 @app.route("/api/release_allocation", methods=['POST'])
 def release_allocation():
     try:
diff --git a/db.py b/db.py
index 94e7055..385df56 100644
--- a/db.py
+++ b/db.py
@@ -4,6 +4,7 @@ import utils
 import machines
 import images
 
+
 def connect():
     global cur, conn
     try:
@@ -18,7 +19,7 @@ def connect():
     cur = conn.cursor()
 
     with conn.cursor() as cur:
-        cur.execute("SET TIMEZONE = %s",(config.timezone,))
+        cur.execute("SET TIMEZONE = %s", (config.timezone,))
         conn.commit()
         cur.execute("""
             CREATE TABLE IF NOT EXISTS image (
@@ -26,6 +27,7 @@ def connect():
                 image_name VARCHAR(255) NOT NULL,
                 token VARCHAR(255) NOT NULL,
                 created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                password VARCHAR(128) NOT NULL,
                 vpn_ip INET
             );""")
         conn.commit()
@@ -76,13 +78,13 @@ def get_one(sql, value):
             return None
 
 
-def add_conf_image(name, token, ip):
+def add_conf_image(name, token, ip, password):
     connect()
     with get_cur() as cur:
         cur.execute("""
-            INSERT INTO image (image_name, token, vpn_ip)
-            VALUES (%s, %s, %s)
-        """, (name, token,ip, ))
+            INSERT INTO image (image_name, token, vpn_ip, password)
+            VALUES (%s, %s, %s, %s)
+        """, (name, token, ip, password, ))
         conn.commit()
 
 
@@ -90,9 +92,14 @@ def get_conf_image(token):
     return get_one("SELECT image_name FROM image WHERE token = %s", token)
 
 
+def get_conf_password(token):
+    return get_one("SELECT password FROM image WHERE token = %s", token)
+
+
 def get_conf_image_id(id):
     return get_one("SELECT image_name FROM image WHERE id = %s", id)
 
+
 def get_conf_id(token):
     return get_one("SELECT id FROM image WHERE token = %s", token)
 
@@ -154,7 +161,6 @@ def del_auth_token(token):
             return None
 
 
-
 def login(username, password):
     user_id = get_user_pass(username, password)
     if user_id is not None:
@@ -162,6 +168,7 @@ def login(username, password):
     else:
         return None
 
+
 def get_machines():
     connect()
     with get_cur() as cur:
@@ -170,15 +177,18 @@ def get_machines():
         try:
             machinesall = machines.MachineManager()
             for row in cur.fetchall():
-                token = get_one("SELECT token FROM image WHERE id = %s", row[0])
-                image_name = get_one("SELECT image_name FROM image WHERE id = %s", row[0])
-                machine = machines.Machine(token, image_name, start_time=row[1], ipvpn=row[2], iplocal=row[3], username="root", password="")
+                token = get_one(
+                    "SELECT token FROM image WHERE id = %s", row[0])
+                image_name = get_one(
+                    "SELECT image_name FROM image WHERE id = %s", row[0])
+                machine = machines.Machine(
+                    token, image_name, start_time=row[1], ipvpn=row[2], iplocal=row[3], username="root", password="")
                 machinesall.add_machine(machine)
             return machinesall
         except:
             return None
-        
-        
+
+
 def get_images():
     connect()
     with get_cur() as cur:
@@ -187,12 +197,14 @@ def get_images():
         try:
             images_all = images.ImageManager()
             for row in cur.fetchall():
-                image = images.Image(id = row[0], token=row[1], name=row[2], vpn_ip=row[3])
+                image = images.Image(
+                    id=row[0], token=row[1], name=row[2], vpn_ip=row[3])
                 images_all.add_image(image)
             return images_all
         except:
             return None
-        
+
+
 def del_image(image_id):
     connect()
     with get_cur() as cur:
@@ -203,6 +215,7 @@ def del_image(image_id):
         except:
             return None
 
+
 def get_image_allocation_all_id():
     connect()
     with get_cur() as cur:
@@ -226,6 +239,7 @@ def get_image_allocation_all():
         except:
             return None
 
+
 def get_image_allocation(image_id):
     return get_one("SELECT id FROM image_allocation WHERE image_id = %s", image_id)
 
@@ -307,6 +321,7 @@ def update_image_allocation_time(id):
         except:
             return None
 
+
 def update_image_allocation_ip_vpn(token, ip):
     image_id = get_conf_id(token)
     if image_id is None:
@@ -320,4 +335,4 @@ def update_image_allocation_ip_vpn(token, ip):
             conn.commit()
             return True
         except:
-            return None
\ No newline at end of file
+            return None
diff --git a/templates/create.html b/templates/create.html
index e8c263d..57b426c 100644
--- a/templates/create.html
+++ b/templates/create.html
@@ -70,15 +70,17 @@ form textarea {
 <br>
     <h1>Formularz tworzenia obrazu konfiguracyjnego</h1>
     <form method="POST" action="/api/createconf" enctype="multipart/form-data">
-        <label>Nazwa konfiguracji:</label><br>
+        <label>Nazwa konfiguracji:</label>
         <input type="text" name="config_name" required><br><br>
-        <label>Nazwa tokenu:</label><br>
+        <label>Nazwa tokenu:</label>
         <input type="text" name="token_name" required><br><br>
-        <label>Długość klucza:</label><br>
+        <label>Długość klucza:</label>
         <input type="number" name="key_length" min="1024" value="2048" required><br><br>
-        <label>Adres ip VPN:</label><br>
+        <label>Adres ip VPN:</label>
         <input type="text" name="ip" required><br><br>
-        <label>Konfiguracja authorized_keys:</label><br>
+        <label>Hasło dla roota:</label>
+        <input type="password" name="pass" required><br><br>
+        <label>Konfiguracja authorized_keys:</label>
         <textarea name="authorized_keys_config" rows="4" cols="50"></textarea><br><br>
         <input type="submit" value="Wyślij">
     </form>