diff --git a/roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2
index 86b7c9f517f..2cf4705bf7c 100644
--- a/roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2
@@ -41,6 +41,20 @@ homeserver:
 
 # Configuration specific to the IRC service
 ircService:
+
+  # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
+  # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
+  # the database.
+  #
+  # To generate a .pem file:
+  # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
+  #
+  # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
+  # for storage in the database. Passwords are stored by using the admin room command
+  # `!storepass example.com passw0rd. When a connection is made to IRC on behalf of
+  # the Matrix user, this password will be sent as the server password (PASS command).
+  passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
+
   # Config for Matrix -> IRC bridging
   matrixHandler:
     # Cache this many Matrix events in memory to be used for m.relates_to messages (usually replies).
@@ -84,10 +98,10 @@ ircService:
     # Level to log on console/logfile. One of error|warn|info|debug
     level: "debug"
     # The file location to log to. This is relative to the project directory.
-    logfile: "debug.log"
+    #logfile: "debug.log"
     # The file location to log errors to. This is relative to the project
     # directory.
-    errfile: "errors.log"
+    #errfile: "errors.log"
     # Whether to log to the console or not.
     toConsole: true
     # The max number of files to keep. Files will be overwritten eventually due
@@ -152,4 +166,4 @@ database:
   # Either a PostgreSQL connection string, or a path to the NeDB storage directory.
   # For postgres, it must start with postgres://
   # For NeDB, it must start with nedb://. The path is relative to the project directory.
-  connectionString: {{ matrix_appservice_irc_database_connectionString
+  connectionString: {{ matrix_appservice_irc_database_connectionString | to_json }}