diff --git a/controllers/network.go b/controllers/network.go
index f0b4bf80..974cd026 100644
--- a/controllers/network.go
+++ b/controllers/network.go
@@ -30,7 +30,7 @@ func networkHandlers(r *mux.Router) {
 	r.HandleFunc("/api/networks/{networkname}", securityCheck(false, http.HandlerFunc(updateNetwork))).Methods("PUT")
 	r.HandleFunc("/api/networks/{networkname}/nodelimit", securityCheck(true, http.HandlerFunc(updateNetworkNodeLimit))).Methods("PUT")
 	r.HandleFunc("/api/networks/{networkname}", securityCheck(true, http.HandlerFunc(deleteNetwork))).Methods("DELETE")
-	r.HandleFunc("/api/networks/{networkname}/keyupdate", securityCheck(false, http.HandlerFunc(keyUpdate))).Methods("POST")
+	r.HandleFunc("/api/networks/{networkname}/keyupdate", securityCheck(true, http.HandlerFunc(keyUpdate))).Methods("POST")
 	r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(false, http.HandlerFunc(createAccessKey))).Methods("POST")
 	r.HandleFunc("/api/networks/{networkname}/keys", securityCheck(false, http.HandlerFunc(getAccessKeys))).Methods("GET")
 	r.HandleFunc("/api/networks/{networkname}/keys/{name}", securityCheck(false, http.HandlerFunc(deleteAccessKey))).Methods("DELETE")
@@ -119,9 +119,11 @@ func keyUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	for _, node := range nodes {
-		logger.Log(3, "updating node ", node.Name, " for a key update")
+		logger.Log(2, "updating node ", node.Name, " for a key update")
 		if node.IsServer != "yes" {
-			runUpdates(&node, false)
+			if err = mq.NodeUpdate(&node); err != nil {
+				logger.Log(1, "failed to send update to node during a network wide key update", node.Name, node.ID, err.Error())
+			}
 		}
 	}
 }
diff --git a/netclient/functions/daemon.go b/netclient/functions/daemon.go
index 988f566d..24f01a42 100644
--- a/netclient/functions/daemon.go
+++ b/netclient/functions/daemon.go
@@ -91,6 +91,11 @@ func UpdateKeys(nodeCfg *config.ClientConfig, client mqtt.Client) error {
 		ncutils.Log("error updating wireguard key " + err.Error())
 		return err
 	}
+	if storeErr := wireguard.StorePrivKey(key.String(), nodeCfg.Network); storeErr != nil {
+		ncutils.Log("failed to save private key" + storeErr.Error())
+		return storeErr
+	}
+
 	nodeCfg.Node.PublicKey = key.PublicKey().String()
 	var commsCfg = getCommsCfgByNode(&nodeCfg.Node)
 	PublishNodeUpdate(&commsCfg, nodeCfg)
diff --git a/netclient/functions/mqpublish.go b/netclient/functions/mqpublish.go
index 8fe37150..d0040a61 100644
--- a/netclient/functions/mqpublish.go
+++ b/netclient/functions/mqpublish.go
@@ -99,7 +99,7 @@ func PublishNodeUpdate(commsCfg, nodeCfg *config.ClientConfig) error {
 	if err = publish(commsCfg, nodeCfg, fmt.Sprintf("update/%s", nodeCfg.Node.ID), data, 1); err != nil {
 		return err
 	}
-	ncutils.PrintLog("sent a node update to server for node"+nodeCfg.Node.ID+", "+nodeCfg.Node.ID, 1)
+	ncutils.PrintLog("sent a node update to server for node"+nodeCfg.Node.Name+", "+nodeCfg.Node.ID, 1)
 	return nil
 }