diff --git a/ansible/files/pgsodium_getkey_urandom.sh.j2 b/ansible/files/pgsodium_getkey_urandom.sh.j2
new file mode 100755
index 000000000..396ccbd9f
--- /dev/null
+++ b/ansible/files/pgsodium_getkey_urandom.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+KEY_FILE=$PGDATA/pgsodium_root.key
+
+if [ ! -f "$KEY_FILE" ]; then
+    head -c 32 /dev/urandom | od -A n -t x1 | tr -d ' \n' > $KEY_FILE
+fi
+cat $KEY_FILE
diff --git a/ansible/files/postgresql_config/postgresql.conf.j2 b/ansible/files/postgresql_config/postgresql.conf.j2
index 4f6cd35b2..919ea0534 100644
--- a/ansible/files/postgresql_config/postgresql.conf.j2
+++ b/ansible/files/postgresql_config/postgresql.conf.j2
@@ -719,11 +719,13 @@ default_text_search_config = 'pg_catalog.english'
 
 #local_preload_libraries = ''
 #session_preload_libraries = ''
-shared_preload_libraries = 'pg_stat_statements, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, safeupdate'	# (change requires restart)
+shared_preload_libraries = 'pg_stat_statements, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, safeupdate, pgsodium'	# (change requires restart)
 jit_provider = 'llvmjit'		# JIT library to use
 
 # - Other Defaults -
 
+pgsodium.getkey_script= '/usr/lib/postgresql/14/bin/pgsodium_getkey_urandom.sh'
+
 #dynamic_library_path = '$libdir'
 #gin_fuzzy_search_limit = 0
 
diff --git a/ansible/tasks/postgres-extensions/18-pgsodium.yml b/ansible/tasks/postgres-extensions/18-pgsodium.yml
index b0217e08e..bdad62aa8 100644
--- a/ansible/tasks/postgres-extensions/18-pgsodium.yml
+++ b/ansible/tasks/postgres-extensions/18-pgsodium.yml
@@ -55,3 +55,12 @@
     target: install
   become: yes
   
+# Add pgsodium_getkey_urandom.sh
+- name: import pgsodium_getkey_urandom.sh
+  template:
+    src: files/pgsodium_getkey_urandom.sh.j2
+    dest: /usr/lib/postgresql/14/bin/pgsodium_getkey_urandom.sh
+    owner: postgres
+    group: postgres
+    mode: 0700
+
diff --git a/ansible/vars.yml b/ansible/vars.yml
index 506c057d6..0bc79879b 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -91,5 +91,5 @@ vector_arm_deb: 'https://packages.timber.io/vector/0.17.0/vector-0.17.0-arm64.de
 libsodium_release: "1.0.18"
 libsodium_release_checksum: sha1:795b73e3f92a362fabee238a71735579bf46bb97
 
-pgsodium_release: "2.0.0"
-pgsodium_release_checksum: sha1:69f9fe125d1b2e2b1e2e3394b68ade483d7c408f
+pgsodium_release: "2.0.1"
+pgsodium_release_checksum: sha1:b6ef733c9bbae590c1eee676fd0a97fd129893e0