actually wireguard doesn't look at text files at all, it only has a netlink interface so you can configure it using the `ip` command. The current tools read the text files and set up the network interface.

Interesting... I'll have to take a look at what the utilities are actually done then and how they're loading the keys into the interface

If you look at their tutorial video, you can see what's going on. The tutorial has a lot of commands like

    ip link add wg0 type wrieguard
    ip addr add 10.1.20.1/24 dev wg0
    wg set wg0 listen-port 5100 private-key /etc/path/to/key
    ip link set wg0 up
    wg set wg0 peer........

If you look at the wg-quick script, it basically reads an /etc/wireguard/<adapter>.conf and runs the same commands based on your settings.

It's great when you're just trying to test things out. You can do a lot of stuff by hand, make sure it's working, try the conf file, enable the systemd or runit service, reboot and make sure it comes up.

Can you link to the video you're mentioning?

The side-by-side video:

https://www.wireguard.com/quickstart/

You can already easily do the other way round: populate the config files with keys retrieved in an external system

This is what I do. I have a small dynamo table and a Python script I run from cron. I grab all updates since the last run and apply all changes to the running service. I have the config option set to write out the config on service stop, so I don't lose anything on a restart and don't have to replay everything. I have lots of room for improvement but it's a quick hack that works for my needs. (Not sharing yet because it doesn't fully CRUD right now.)

that sounds like an ideal candidate for orchestration tools like ansible, puppet, etc. Have them build/template out the config files for you