diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
index d3f55aac..840d59f0 100644
--- a/ajax/networking/get_wgkey.php
+++ b/ajax/networking/get_wgkey.php
@@ -15,7 +15,6 @@ if (isset($entity)) {
      
     exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
     $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
-    $wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp));
     exec("sudo mv $privkey_tmp $privkey", $return);
     exec("sudo mv $pubkey_tmp $pubkey", $return);
 
diff --git a/app/js/custom.js b/app/js/custom.js
index 89c500bc..25260e81 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -357,7 +357,6 @@ $('.wg-keygen').click(function(){
     $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
         var jsonData = JSON.parse(data);
         entity_pub.val(jsonData.pubkey);
-        entity_priv.val(jsonData.privkey);
         $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
 })
diff --git a/includes/wireguard.php b/includes/wireguard.php
index a9ade3d0..41b67c7f 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -110,11 +110,15 @@ function SaveWireGuardConfig($status)
     }
     // Save settings
     if ($good_input) {
+        // fetch private keys from filesytem
+        $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+        $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+
         // server (wg0.conf)
         $config[] = '[Interface]';
         $config[] = 'Address = '.$_POST['wg_srvipaddress'];
         $config[] = 'ListenPort = '.$_POST['wg_srvport'];
-        $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
+        $config[] = 'PrivateKey = '.$wg_srvprivkey;
         $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
         $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
         $config[] = '';
@@ -139,7 +143,7 @@ function SaveWireGuardConfig($status)
         if ($_POST['wg_pendpoint'] !== '') {
             $config[] = 'Address = '.trim($_POST['wg_pendpoint']);
         }
-        $config[] = 'PrivateKey = '.$_POST['wg_peerprivkey'];
+        $config[] = 'PrivateKey = '.$wg_peerprivkey;
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-server'];
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 9ff217d2..db00ab21 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -24,7 +24,6 @@
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
-            <input type="hidden" name="wg_srvprivkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index ae60a973..cbdad128 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -22,7 +22,6 @@
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
           </div>
-          <input type="hidden" name="wg_peerprivkey" value="<?php echo htmlspecialchars($wg_peerprivkey, ENT_QUOTES); ?>" />
         </div>
       </div>