add example to generate dm key (pingcap#19306)

dm/dm-customized-secret-key.md

@@ -9,7 +9,7 @@ Before v8.0.0, [DM](/dm/dm-overview.md) uses a [fixed AES-256 secret key](https:
 
 ## Usage
 
-1. Create a custom key file, which must contain a 64-character hexadecimal AES-256 secret key.
+1. Create a custom key file, which must contain a 64-character hexadecimal AES-256 secret key. One way to generate this key is by calculating SHA256 checksum of random data, such as `head -n 256 /dev/urandom | sha256sum`.
 2. In the DM-master [command-line flags](/dm/dm-command-line-flags.md) or [configuration file](/dm/dm-master-configuration-file.md), specify `secret-key-path` as the path of your custom key file.
 
 ## Upgrade from a version earlier than v8.0.0

dm/dm-master-configuration-file.md

@@ -60,4 +60,4 @@ This section introduces the configuration parameters of DM-master.
 | `ssl-cert` | The path of the file that contains X509 certificate in PEM format for DM-master to connect with other components. |
 | `ssl-key` | The path of the file that contains X509 key in PEM format for DM-master to connect with other components. |
 | `cert-allowed-cn` | Common Name list. |
-| `secret-key-path` | The file path of the secret key, which is used to encrypt and decrypt upstream and downstream passwords. The file must contain a 64-character hexadecimal AES-256 secret key. |
+| `secret-key-path` | The file path of the secret key, which is used to encrypt and decrypt upstream and downstream passwords. The file must contain a 64-character hexadecimal AES-256 secret key. One way to generate this key is by calculating SHA256 checksum of random data, such as <code>head -n 256 /dev/urandom \| sha256sum</code>. For more information, see [Customize a secret key for DM encryption and decryption](/dm/dm-customized-secret-key.md). |