[enhancement]: DKIM signing with Vault Transit engine

stalwartlabs / mail-server

Secure & Modern All-in-One Mail Server (IMAP, JMAP, POP3, SMTP)

https://stalw.art

5.3k stars 222 forks source link

[enhancement]: DKIM signing with Vault Transit engine #876

Open firstdorsal opened 1 month ago

firstdorsal commented 1 month ago

Which feature or improvement would you like to request?

I'd like to see this feature: DKIM signing with the transit API from Vault https://developer.hashicorp.com/vault/docs/secrets/transit

Is your feature request related to a problem?

I'm having a problem with...

Code of Conduct

[X] I agree to follow this project's Code of Conduct

mdecimus commented 1 month ago

What are the benefits of using Vault Transit over ring? Calling an external API each time a message needs to be signed or verified will just add latency to your system.

firstdorsal commented 1 month ago

Yes, this will add latency, but it moves the actual keys away from the application, so it cannot even get to them itself. This could be interesting for compliance and auditing reasons too.