Hi All, I've been following some recent threads regarding real life deployments of WireGuard and it got me thinking about key management, rotation and monitoring. Due to the seamless support for roaming built into WireGuard these concerns are greater than typical setups as a stolen key can be used seamlessly alongside its legitimate user.
In the interest of understanding best practices for secure deployment of WireGuard and possibly identifying use cases for another project that could aim to solve these issues, I'm curious: 1) What are people doing to get keys onto their endpoints? 2) What are people doing to rotate those keys regularly? 3) What sorts of monitoring have people constructed to try and detect multiple users of the same key (I'm not sure how possible this is today with the current WG releases, it's been a while since I've looked closely at the project so please forgive me if this question is nonsensical at this time). Looking forward to any responses. --adam
