Skip to main content


This document is a reference of the API types introduced by Kilo.

Note: this document is generated from code comments. When contributing a change to this document, please do so by changing the code comments.

Table of Contents#


DNSOrIP represents either a DNS name or an IP address. When both are given, the IP address, as it is more specific, override the DNS name.

dnsDNS must be a valid RFC 1123 subdomain.stringfalse
ipIP must be a valid IP address.stringfalse

Back to TOC


Peer is a WireGuard peer that should have access to the VPN.

metadataStandard object’s metadata. More info:
specSpecification of the desired behavior of the Kilo Peer. More info:

Back to TOC


PeerEndpoint represents a WireGuard endpoint, which is an IP:port tuple.

dnsOrIPDNSOrIP is a DNS name or an IP address.DNSOrIPtrue
portPort must be a valid port number.uint32true

Back to TOC


PeerList is a list of peers.

metadataStandard list metadata. More info:
itemsList of peers. More info:[]Peertrue

Back to TOC


PeerSpec is the description and configuration of a peer.

allowedIPsAllowedIPs is the list of IP addresses that are allowed for the given peer's tunnel.[]stringtrue
endpointEndpoint is the initial endpoint for connections to the peer.*PeerEndpointfalse
persistentKeepalivePersistentKeepalive is the interval in seconds of the emission of keepalive packets by the peer. This defaults to 0, which disables the feature.intfalse
presharedKeyPresharedKey is the optional symmetric encryption key for the peer.stringfalse
publicKeyPublicKey is the WireGuard public key for the peer.stringtrue

Back to TOC