wg-quick: Read private key from file?

Samuel Holland samuel at sholland.org
Thu Dec 27 19:58:52 CET 2018

On 12/27/18 10:51, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> does wg-quick allow to read the private key from a file instead of a .conf-file?

Yes, and the manual page wg-quick(8) even has an example of how to read the
private key from an external source:

    Or, perhaps it is desirable to store private keys in encrypted form, such
    as through use of pass(1):

        PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)

If you want to use a file, just provide the filename, as in:

    PostUp = wg set %i private-key /etc/wireguard/wg0.key

>From the wg(8) manual page:

    Both private-key and preshared-key must be a files, because command line
    arguments are not considered private on most systems; but if you are using
    bash(1), you may safely pass in a string by specifying as private-key or
    preshared-key the expression:  <(echo PRIVATEKEYSTRING).

There's no need to write additional wrapper scripts or anything like that.

If you weren't aware of those two manual pages, I suggest reading through both.
It will answer most of your questions :)

Hope that helps,

More information about the WireGuard mailing list