Technically, mate, a private key could be the output of a SHA-256 hash. But it wouldn't necessarily be secure.

See, the beauty of Bitcoin's security comes from the randomness of private keys. If you use predictable data to generate your key (like hashing a password), it becomes less secure.

So while you could use a SHA-256 hash as your private key, I'd stick with generating them randomly for top-notch security!