[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireguard
Subject:    Re: wg-quick: Read private key from file?
From:       Samuel Holland <samuel () sholland ! org>
Date:       2018-12-27 18:58:52
Message-ID: e515967c-f879-656c-f4d6-58c4a4a8cf1e () sholland ! org
[Download RAW message or body]

On 12/27/18 10:51, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> does wg-quick allow to read the private key from a file instead of a .conf-file?

Yes, and the manual page wg-quick(8) even has an example of how to read the
private key from an external source:

    Or, perhaps it is desirable to store private keys in encrypted form, such
    as through use of pass(1):

        PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)

If you want to use a file, just provide the filename, as in:

    PostUp = wg set %i private-key /etc/wireguard/wg0.key

From the wg(8) manual page:

    Both private-key and preshared-key must be a files, because command line
    arguments are not considered private on most systems; but if you are using
    bash(1), you may safely pass in a string by specifying as private-key or
    preshared-key the expression:  <(echo PRIVATEKEYSTRING).

There's no need to write additional wrapper scripts or anything like that.

If you weren't aware of those two manual pages, I suggest reading through both.
It will answer most of your questions :)

Hope that helps,
Samuel
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
[prev in list] [next in list] [prev in thread] [next in thread]