ccky
Topic Author

Wireguard interface private key - (ProtonVPN example)

Wed Feb 07, 2024 1:50 am

Hello,

I've failed, trying my best not to start yet another Wireguard topic; this one couldn't fit anywhere (or would fit each and every other...)
In this case I'm using Proton VPN, but I don't think they are the only 3rd party provider with this way of config.

The basic workflow is:
  1. Go to their website
  2. Generate config file based on server country and options
  3. Configure router based on data included in file
Now let's say I want to change the country where I exit the tunnel. I could:
  1. Generate new config and configure new interface or reconfigure old
  2. Grab details of the server from API and update Peer on MikroTik
Option B won't give me a new private key to enter under the interface - my concern is: do I need to update it?

The whole country change process is possible by updating two parameters on the peer:
/interface wireguard peers set [find comment=dynprot] endpoint-address=$pvip public-key=$pvkey
It works with the private key provided by a different config file before (at least it looks like it does - I have connectivity with a public IP from the new server, but I didn't get into details of encryption of packets etc.)
Is it correct to assume that each and every Proton server has access to centrally stored public keys assigned to my machine in order to identify me as authorised?
Are there any additional implications of such an approach?
 
Mesquite

Re: Wireguard interface private key - (ProtonVPN example)

Wed Feb 07, 2024 5:42 am

Sounds like a question for the third party provider.
Typically they give you an account, and with that comes the address of the server, your IP address etc., but also the private key they want you to use instead of the MT generated one.
They then no longer need you to send them your generated public key, as they already have it.

Thus the question becomes: as long as they don't give you another private key to use for the different country, one would think that that remains the same, so yes, the public key they have for you could possibly span all the connections.
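
Added example, not part of either post above and not ProtonVPN or MikroTik code: a WireGuard peer is identified by the public key derived from the interface private key, so this check derives that key from two provider config files and only emits the peer-only update from the thread when the client identity is unchanged. The config layout, helper names, RFC 7748 test keys and documentation-range IPs are constructed assumptions; whether a given server accepts the key is decided on the provider side.

```python
import base64, configparser
P = 2**255 - 19

def x25519(k: bytes, u: int = 9) -> bytes:
    """RFC 7748 X25519; u=9 (base point) yields the public key. Not constant-time."""
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)  # clamp
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _parse(conf: str) -> configparser.ConfigParser:
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf)
    return cfg

def client_pubkey(conf: str) -> str:
    """Public key a server must already hold for this [Interface] PrivateKey."""
    priv = base64.b64decode(_parse(conf)["Interface"]["PrivateKey"])
    return base64.b64encode(x25519(priv)).decode()

def peer_only_update(current: str, new: str, comment: str = "dynprot") -> str:
    """Build the thread's peer update; refuse if the client identity changed."""
    if client_pubkey(current) != client_pubkey(new):
        raise ValueError("different PrivateKey: the interface key must change too")
    peer = _parse(new)["Peer"]
    host = peer["Endpoint"].rsplit(":", 1)[0]
    return (f"/interface wireguard peers set [find comment={comment}] "
            f"endpoint-address={host} public-key=\"{peer['PublicKey']}\"")

# Constructed sample input: RFC 7748 test private keys, documentation-range IPs.
RFC_PRIV_A = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"
RFC_PRIV_B = "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb"
def sample_conf(priv_hex: str, server_priv_hex: str, endpoint: str) -> str:
    enc = lambda raw: base64.b64encode(raw).decode()
    return (f"[Interface]\nPrivateKey = {enc(bytes.fromhex(priv_hex))}\n[Peer]\n"
            f"PublicKey = {enc(x25519(bytes.fromhex(server_priv_hex)))}\nEndpoint = {endpoint}\n")
CONF_NL = sample_conf(RFC_PRIV_A, RFC_PRIV_B, "192.0.2.10:51820")
CONF_SE = sample_conf(RFC_PRIV_A, "11" * 32, "198.51.100.20:51820")
print(peer_only_update(CONF_NL, CONF_SE))
```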
