Identity management for WireGuard

At some point someone will realize everybody is just reinventing the wheel, and add WireGuard support to IKE. Then all will be right with the world.
On balance WireGuard is clearly a better transport than IPSec, at least for tunneled VPNs. But IKE is much more mature and proven. IKE is complex, but unlike transport, key management has always been the most irreducibly complex part of the equation, especially without the ability to leverage WebPKI's centralized trust anchors.

Using OpenIKED, in just a few lines I can configure the server-side of a VPN which works trivially with the native IKE clients on Windows, macOS, Android, and iPhone. All these ad hoc WireGuard solutions will never get to that point, at least not without a formal standard.