21.11.2022 01:46, Daniel Gröber wrote:
> This adds a new config key PrivateKeyFile= that simply hooks up the
> existing code for the `wg set ... private-key /file` codepath.
>
> Using this new option the interface configs can be much easier to deploy in
> an automated fashion as they don't contain secrets anymore. The private key
> can easily be provisioned out of band or using a one-time provisioning step
> instead.

This is definitely a very welcome option in my PoV.

Add my
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

for this.

> Before this patch we were using a neat hack: it's possible to simply omit
> PrivateKey= and set it using PostUp= wg set %i private-key /some/file.

Well, this isn't really neat, it is a hackish workaround for the missing
functionality ;)

On a side note, almost a year ago I sent a patch for wg utility to recognize
and discard some keywords which are processed by wg-quick script - like,
Address=. This way, there's no need to pre-process the config file anymore,
and in order to recognize more peers, one doesn't have to restart the
tunnel interface, instead, a regular wg syncconf wgif.conf is sufficient,
and many things can be simplified too (removing the preprocessing).
I've never got any reply for these patches.

/mjt
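An added example, not part of the thread or of wireguard-tools: a shell check that a wg-quick style config carries no inline `PrivateKey=` and that the key file it points at, through the proposed `PrivateKeyFile=` or the `PostUp` workaround, is not accessible to group or other. The function names, exit codes and the demo config are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). PrivateKeyFile= is the key the patch
# proposes; the PostUp form is the workaround quoted in the thread.

# Print the key file a config points at, or nothing if it names none.
wg_key_path() {
    sed -n \
        -e 's/^[[:space:]]*PrivateKeyFile[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        -e 's/^[[:space:]]*PostUp[[:space:]]*=.*wg set %i private-key[[:space:]]*\([^[:space:];#]*\).*/\1/p' \
        "$1" | head -n 1
}

# Succeed if the config embeds the secret itself (PrivateKeyFile= does not match).
wg_has_inline_key() {
    grep -Eq '^[[:space:]]*PrivateKey[[:space:]]*=' "$1"
}

# Succeed only if the key file exists and has no group/other permission bits.
wg_key_file_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Exit codes (hypothetical): 0 ok, 1 inline secret, 2 no key source, 3 bad key file.
audit_wg_conf() {
    if wg_has_inline_key "$1"; then
        echo "$1: inline PrivateKey= present"; return 1
    fi
    key=$(wg_key_path "$1")
    [ -n "$key" ] || { echo "$1: no private key source found"; return 2; }
    wg_key_file_private "$key" || {
        echo "$1: $key is missing or accessible to group/other"; return 3; }
    echo "$1: ok, private key is read from $key"
}

# Constructed demo input: a config using the PostUp workaround, key file 0600.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'constructed-placeholder-not-a-key\n' > "$demo/wg0.key"
chmod 600 "$demo/wg0.key"
printf '[Interface]\nAddress = 10.0.0.1/24\nPostUp = wg set %%i private-key %s\n' \
    "$demo/wg0.key" > "$demo/wg0.conf"
audit_wg_conf "$demo/wg0.conf"
```

A config that passes this check can be distributed by configuration management without carrying the secret, which is the deployment property the patch description is after.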
