diff --git a/tasks/main.yml b/tasks/main.yml
index dea3068..99e20f7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -28,13 +28,13 @@
 tags:
 - wg-install
-- name: Create WireGuard certificates directory
+- name: Create WireGuard public key directory locally
 file:
 dest: "{{ wireguard_cert_directory }}"
 state: directory
 owner: "{{ wireguard_cert_owner }}"
 group: "{{ wireguard_cert_group }}"
- mode: 0700
+ mode: 0755
 run_once: true
 delegate_to: localhost
 tags:
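Review bot: Widening `wireguard_cert_directory` from `mode: 0700` to `mode: 0755` leaves any `<inventory_hostname>.private.key` files written by earlier runs of this role readable by every local user on the controller, because the old side of the second hunk (`Store hosts private key locally`) shows them stored in that same directory with `mode: 0644` and nothing in the patch removes them. Keep the directory at 0700 until the stale private key files are cleaned up, or add a `file:` task with `state: absent` for them ahead of this one, and say so in the task name or a comment so an in-place upgrade is not silently exposed. The mode is also an unquoted plain scalar that relies on YAML 1.1 leading-zero octal handling; `mode: "0755"` is the quoted form ansible-lint's risky-octal rule asks for.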
@@ -44,82 +44,59 @@ set_fact: wireguard_ip: "{{ wireguard_address.split('/')[0] }}" -- name: Set path to private key file - set_fact: - private_key_file_path: "{{ wireguard_cert_directory }}/{{ inventory_hostname }}.private.key" - tags: - wg-generate-keys - - name: Set path to public key file set_fact: public_key_file_path: "{{ wireguard_cert_directory }}/{{ inventory_hostname }}.public.key" tags: wg-generate-keys -- name: Register if private key already exists +- name: Register if config/private key already exists on target host stat: - path: "{{ private_key_file_path }}" - register: private_key_file_stat - delegate_to: localhost + path: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf" + register: config_file_stat tags: - wg-generate-keys -- name: Generate WireGuard private key - shell: "wg genkey" - register: wg_private_key_result - when: not private_key_file_stat.stat.exists - tags: - - wg-generate-keys - - skip_ansible_lint +- block: + - name: Generate WireGuard private key + shell: "wg genkey" + register: wg_private_key_result + tags: + - wg-generate-keys + - skip_ansible_lint -- name: Set private key fact - set_fact: - wg_private_key: "{{ wg_private_key_result.stdout }}" - when: not private_key_file_stat.stat.exists - tags: - - wg-generate-keys + - name: Generate WireGuard public key + shell: "echo '{{ wg_private_key }}' | wg pubkey" + register: wg_public_key_result + tags: + - wg-generate-keys -- name: Generate WireGuard public key - shell: "echo '{{ wg_private_key }}' | wg pubkey" - register: wg_public_key_result - when: not private_key_file_stat.stat.exists - tags: - - wg-generate-keys + - name: Set public key fact + set_fact: + wg_public_key: "{{ wg_public_key_result.results[0].stdout }}" + tags: + - wg-generate-keys -- name: Set public key fact - set_fact: - wg_public_key: "{{ wg_public_key_result.stdout }}" - when: not private_key_file_stat.stat.exists - tags: - - wg-generate-keys + - name: Store hosts public key locally + template: + 
src: "wg-publickey.j2" + dest: "{{ public_key_file_path }}" + owner: "{{ wireguard_cert_owner }}" + group: "{{ wireguard_cert_group }}" + mode: 0644 + delegate_to: localhost + tags: + - wg-generate-keys + when: not config_file_stat.stat.exists -- name: Store hosts private key locally - template: - src: "wg-privatekey.j2" - dest: "{{ private_key_file_path }}" - owner: "{{ wireguard_cert_owner }}" - group: "{{ wireguard_cert_group }}" - mode: 0644 - when: not private_key_file_stat.stat.exists - delegate_to: localhost - tags: - - wg-generate-keys - -- name: Store hosts public key locally - template: - src: "wg-publickey.j2" - dest: "{{ public_key_file_path }}" - owner: "{{ wireguard_cert_owner }}" - group: "{{ wireguard_cert_group }}" - mode: 0644 - when: not private_key_file_stat.stat.exists - delegate_to: localhost - tags: - - wg-generate-keys +- name: Read WireGuard config file + slurp: + src: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf" + register: wg_config - name: Read private key set_fact: - private_key: "{{ lookup('file', private_key_file_path) }}" + private_key: "{{ wg_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}" tags: wg-config