Rolling keys without service interuption

Ferris Ellis ferris at
Sat Dec 2 03:45:04 CET 2017

I was wondering if WireGuard supported dynamically updating / rolling keys for connections? In many operations security models credentials are short lived and rotated regularly so that the consequences of any compromise can be minimized. One problem, however, with this is that rolling credentials often causes a service interrupt for the connection being rolling. Does WireGuard have a way to do this currently?

I wanted to ask the mailing list about this both for my own knowledge and for public documentation. Though, I presume the answer is no as WireGuard uses the keys as identity primitives for connections (which I think is the most honest means of relating identity to authorization) and thus “rolling” them makes no sense.


More information about the WireGuard mailing list