# TODO

There's lots of things to add.

- TLS
  - Autorenew this with an ACME server (eg, Boulder; use the Lego library)
  - self-host the Boulder server & add the main CA pubkey to the client
  - Work with self-signed stuff for now tho
- Authentication
  - Give each client an API key
  - Limit decryption keys that client can access?
- Admin UI on the server
  - Manage client accounts
  - Import public keys
  - Add/Remove keys
- Private Key autorotation
- PGP Public Key Server
  - a la keys.openpgp.org
  - two servers?  one public (company pub keys), one internal (customer pub
    keys)
- Encryption groups
  - Add a number of public keys to a group.  When the client encrypts to a
    group, use all the keys.
  - Auto-remove expired keys from groups