A disable option does not change a running Wireguard configuration, so the next two configs are actually equal:
set interfaces wireguard wg01 peer cl01 allowed-ips '10.0.0.1/32' set interfaces wireguard wg01 peer cl01 disable set interfaces wireguard wg01 peer cl01 public-key 'PQ7XasRmBAZukrKYSQctTMr/CzMJwLVfrulloNVXd1E=' set interfaces wireguard wg01 private-key 'AOMCPhDgCKhleSWV6/hko4QXhtelypAwY5wMqNVn7Xo='
set interfaces wireguard wg01 peer cl01 allowed-ips '10.0.0.1/32' set interfaces wireguard wg01 peer cl01 public-key 'PQ7XasRmBAZukrKYSQctTMr/CzMJwLVfrulloNVXd1E=' set interfaces wireguard wg01 private-key 'AOMCPhDgCKhleSWV6/hko4QXhtelypAwY5wMqNVn7Xo='
Also, an old peer will stay configured in case of a public key change:
[edit] vyos@vyos# set interfaces wireguard wg01 peer cl01 public-key 7U9iuIzhXmjNoj/bbiufkyF5tcmCsdXTXq2AOgRCeF0= [edit] vyos@vyos# commit [edit] vyos@vyos# sudo wg interface: wg01 public key: YkAEhGXMPzKhBzzXkwrhBLLQx6osk2EoTbanDigyiDM= private key: (hidden) listening port: 51491 peer: PQ7XasRmBAZukrKYSQctTMr/CzMJwLVfrulloNVXd1E= allowed ips: (none) peer: 7U9iuIzhXmjNoj/bbiufkyF5tcmCsdXTXq2AOgRCeF0= allowed ips: 10.0.0.1/32