wg-quick: Read private key from file?
samuel at sholland.org
Thu Dec 27 19:58:52 CET 2018
On 12/27/18 10:51, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> does wg-quick allow to read the private key from a file instead of a .conf-file?
Yes, and the manual page wg-quick(8) even has an example of how to read the
private key from an external source:
Or, perhaps it is desirable to store private keys in encrypted form, such
as through use of pass(1):
PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)
If you want to use a file, just provide the filename, as in:
PostUp = wg set %i private-key /etc/wireguard/wg0.key
>From the wg(8) manual page:
Both private-key and preshared-key must be a files, because command line
arguments are not considered private on most systems; but if you are using
bash(1), you may safely pass in a string by specifying as private-key or
preshared-key the expression: <(echo PRIVATEKEYSTRING).
There's no need to write additional wrapper scripts or anything like that.
If you weren't aware of those two manual pages, I suggest reading through both.
It will answer most of your questions :)
Hope that helps,
More information about the WireGuard