diff --git a/scripts/add_new_host_keys.sh b/scripts/add_new_host_keys.sh
index df94d2f..9c1b0ee 100755
--- a/scripts/add_new_host_keys.sh
+++ b/scripts/add_new_host_keys.sh
@@ -31,10 +31,13 @@ cd "$pwpath"
 # Generate SSH keys
 ssh-keygen -f $hostkey -t ed25519 -N "" -C "root@$host"
 ssh-keygen -f $initrdkey -t ed25519 -N "" -C "root@$host-initrd"
+wg genkey > wg.private
+publickey=$(cat wg.private | wg pubkey)
 
 #encrypt the private keys
 sops -e -i ./$hostkey
 sops -e -i ./$initrdkey
+sops -e -i ./wg.private
 
 #generate encryption key
 tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > disk.key
@@ -45,6 +48,9 @@ echo
 echo "Hier ist der age public key für sops etc:"
 echo "$(ssh-to-age -i ./"$hostkey".pub)"
 echo
+echo "Hier ist der wireguard pubkey für das gerät"
+echo "$publickey"
+echo 
 echo "Hier ist eine reproduzierbare mac-addresse:"
 echo "$hostname"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
 
diff --git a/scripts/remote-install-encrypt.sh b/scripts/remote-install-encrypt.sh
index 43c36c1..66aae0b 100755
--- a/scripts/remote-install-encrypt.sh
+++ b/scripts/remote-install-encrypt.sh
@@ -40,7 +40,9 @@ trap cleanup EXIT
 
 # Create the directory where sshd expects to find the host keys
 install -d -m755 "$temp/etc/ssh/"
+install -d -m755 "$temp/etc/wireguard/"
 
+##TODO:: wg genkey + pubkey --> /etc/wireguard/wg.private
 diskKey=$(sops -d $pwpath/disk.key)
 echo "$diskKey" > /tmp/secret.key
 
@@ -48,6 +50,7 @@ sops -d "$pwpath/$hostkey" > "$temp/etc/ssh/$hostname"
 
 sops -d "$pwpath/$initrdkey" > "$temp/etc/ssh/initrd"
 
+sops -d "$pwpath/wg.private" > "$temp/etc/wireguard/wg.private"
 # # Set the correct permissions so sshd will accept the key
 chmod 600 "$temp/etc/ssh/$hostname"
 chmod 600 "$temp/etc/ssh/initrd"