diff --git a/src/cmd/add.go b/src/cmd/add.go
index e4f392d..5c0db14 100644
--- a/src/cmd/add.go
+++ b/src/cmd/add.go
@@ -10,6 +10,7 @@ type addCmdConfig struct {
 	endpoint         string
 	outboundEndpoint string
 	keepalive        int
+	generatePSK      bool
 }
 
 // Defaults for add command.
@@ -18,6 +19,7 @@ var addCmdArgs = addCmdConfig{
 	endpoint:         Endpoint,
 	outboundEndpoint: Endpoint,
 	keepalive:        Keepalive,
+	generatePSK:      false,
 }
 
 // addCmd represents the add command.
@@ -33,6 +35,7 @@ func init() {
 
 	addCmd.PersistentFlags().StringVarP(&addCmdArgs.endpoint, "endpoint", "e", addCmdArgs.endpoint, "IP:PORT (or [IP]:PORT for IPv6) of wireguard listener that server will connect to (example \"1.2.3.4:51820\")")
 	addCmd.PersistentFlags().StringVarP(&addCmdArgs.outboundEndpoint, "outbound-endpoint", "o", addCmdArgs.outboundEndpoint, "IP:PORT (or [IP]:PORT for IPv6) of wireguard listener that client will connect to (example \"4.3.2.1:51820\"")
+	addCmd.PersistentFlags().BoolVarP(&addCmdArgs.generatePSK, "PSK", "K", addCmdArgs.generatePSK, "generate a preshared key")
 
 	addCmd.PersistentFlags().IntVarP(&addCmdArgs.keepalive, "keepalive", "k", addCmdArgs.keepalive, "tunnel keepalive in seconds")
 
diff --git a/src/cmd/add_client.go b/src/cmd/add_client.go
index 1e5de06..df2c36c 100644
--- a/src/cmd/add_client.go
+++ b/src/cmd/add_client.go
@@ -198,6 +198,15 @@ func (c addClientCmdConfig) Run() {
 	// Make peer configs to populate server peers.
 	clientPeerConfigRelay, err := peer.GetPeerConfig(peer.PeerConfigArgs{
 		PublicKey: clientConfigRelay.GetPublicKey(),
+		PresharedKey: func() string {
+			if addArgs.generatePSK {
+				err := clientConfigRelay.GenPresharedKey()
+				check("failed to generate preshared key", err)
+				return clientConfigRelay.GetPresharedKey()
+			} else {
+				return ""
+			}
+		}(),
 		AllowedIPs: func() []string {
 			allowed := []string{}
 			for _, prefix := range clientConfigRelay.GetAddresses() {
diff --git a/src/cmd/add_server.go b/src/cmd/add_server.go
index 80d1d56..97a99b7 100644
--- a/src/cmd/add_server.go
+++ b/src/cmd/add_server.go
@@ -142,6 +142,15 @@ func (c addServerCmdConfig) Run() {
 		// Add new server as relay peer.
 		serverRelayPeer, err := peer.GetPeerConfig(peer.PeerConfigArgs{
 			PublicKey: serverConfigRelay.GetPublicKey(),
+			PresharedKey: func() string {
+				if addArgs.generatePSK {
+					err := serverConfigRelay.GenPresharedKey()
+					check("failed to generate preshared key", err)
+					return serverConfigRelay.GetPresharedKey()
+				} else {
+					return ""
+				}
+			}(),
 			AllowedIPs: func() []string {
 				allowedIPs := []string{}
 				for _, prefix := range newRelayPrefixes {