Key distribution and rotation tools?

Giacomo Bernardi mino at
Tue May 22 15:42:42 CEST 2018

Hello list,
I am aware that WireGuard does not include a mechanism to distribute and
rotate pre-shared secrets by design [1].

However, even discounting a full-blown PKI, in large deployments one needs
to automate the generation/distribution/rotation of those pre-shared keys
on endpoints.

I unsuccessfully scouted around for tools that would fit in this space, did
I miss anything? Any suggestions?


[1] "All issues of key distribution and pushed configurations are out of
scope of WireGuard; these are issues much better left for other layers,
lest we end up with the bloat of IKE or OpenVPN." (
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the WireGuard mailing list