diff --git a/test/test-network/conf/25-wireguard-23-peers.netdev b/test/test-network/conf/25-wireguard-23-peers.netdev
index 7f77dc17431..61a75e592f4 100644
--- a/test/test-network/conf/25-wireguard-23-peers.netdev
+++ b/test/test-network/conf/25-wireguard-23-peers.netdev
@@ -7,7 +7,9 @@ Description=For issue #11404
 [WireGuard]
 # 51820 is common port for Wireguard, 4500 is IPSec/UDP
 ListenPort=4500
-PrivateKey=CJQUtcS9emY2fLYqDlpSZiE/QJyHkPWr+WHtZLZ90FU=
+# The key below should be overridden by PrivateKeyFile=
+PrivateKey=EEGlnEPYJV//kbvvIqxKkQwOiS+UENyPncC4bF46ong=
+PrivateKeyFile=/run/systemd/network/25-wireguard-private-key.txt
 
 # peer 1
 [WireGuardPeer]
diff --git a/test/test-network/conf/25-wireguard-private-key.txt b/test/test-network/conf/25-wireguard-private-key.txt
new file mode 100644
index 00000000000..469acd0950f
--- /dev/null
+++ b/test/test-network/conf/25-wireguard-private-key.txt
@@ -0,0 +1,6 @@
+CJQUtcS9emY2fLY
+   qDlpSZiE/QJyHkP
+          Wr+WHtZ
+
+
+LZ90FU=
diff --git a/test/test-network/conf/25-wireguard.netdev b/test/test-network/conf/25-wireguard.netdev
index 4866c31ccac..61afd1f5e79 100644
--- a/test/test-network/conf/25-wireguard.netdev
+++ b/test/test-network/conf/25-wireguard.netdev
@@ -4,6 +4,7 @@ Kind=wireguard
 
 [WireGuard]
 PrivateKey=EEGlnEPYJV//kbvvIqxKkQwOiS+UENyPncC4bF46ong=
+PrivateKeyFile=/run/systemd/network/not-exist
 ListenPort=51820
 FwMark=1234
 
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index ec8ed00c38b..17abd043702 100755
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -242,6 +242,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         '25-vxlan.netdev',
         '25-wireguard-23-peers.netdev',
         '25-wireguard-23-peers.network',
+        '25-wireguard-private-key.txt',
         '25-wireguard.netdev',
         '6rd.network',
         'gre.network',
@@ -454,16 +455,21 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
             self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t20')
             output = subprocess.check_output(['wg', 'show', 'wg99', 'endpoints']).rstrip().decode('utf-8')
             self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.27.3:51820')
+            output = subprocess.check_output(['wg', 'show', 'wg99', 'private-key']).rstrip().decode('utf-8')
+            self.assertTrue(output, 'EEGlnEPYJV//kbvvIqxKkQwOiS+UENyPncC4bF46ong=')
 
         self.assertTrue(self.link_exits('wg99'))
 
     @expectedFailureIfModuleIsNotAvailable('wireguard')
     def test_wireguard_23_peers(self):
-        self.copy_unit_to_networkd_unit_path('25-wireguard-23-peers.netdev', '25-wireguard-23-peers.network')
+        self.copy_unit_to_networkd_unit_path('25-wireguard-23-peers.netdev', '25-wireguard-23-peers.network',
+                                             '25-wireguard-private-key.txt')
         self.start_networkd()
 
         if shutil.which('wg'):
             subprocess.call('wg')
+            output = subprocess.check_output(['wg', 'show', 'wg98', 'private-key']).rstrip().decode('utf-8')
+            self.assertTrue(output, 'CJQUtcS9emY2fLYqDlpSZiE/QJyHkPWr+WHtZLZ90FU=')
 
         self.assertTrue(self.link_exits('wg98'))