[enhancement]: DKIM Rotation

[nomadturk]

Which feature or improvement would you like to request?

I'd like to see this feature:

The way stalwart is built at the moment, there is a single set of DKIM keys, with no way to change, reissue them.

It would be great if we can create multiple DKIM rsa keys per domain, and were able rotate them an API call by making another key the main, making the older one obsolete.

And with another API endpoint, if we can delete/renew the old one, that would give us the ability to rotate DKIM keys while another one is being used.

Is your feature request related to a problem?

I'm having a problem with...

Code of Conduct

• I agree to follow this project's Code of Conduct

[andreymal]

Duplicate of #368?

Right now you can create/edit/delete DKIM keys using POST /api/settings, although it's a bit inconvenient

[nomadturk]

Looks like it is really similar @andreymal
And I also have a vote there ^_^

But I would be opposed to automatic rotation. And this feature shouldn't be tied to TLS-DNS-01. Stalwart does not and can not manage the DNS for all clients.

And another difference is, I would like to see at least 2 different keys, during time of domain creation.
Only one should be active and disabling one and enabling the other would give seamless rotation capability without having to mess with DNS all the time. And once they are present, this could be as easy as calling a switch key endpoint.