I spent a while hacking on this and figured out the tricks. Hopefully this will save the next person an hour or two of head banging.
First, get a token from Digital Ocean. Go to your control panel. Click on API. Turns out my old token was still there. Anyway, generate a new token. You need to save this on your local PC, not your droplet. (Technically save it where you will be running curl, which probably is your local PC.) You can always go back to the control panel and regenerate the token by clicking on edit and following instructions.
The instructions to edit a DNS are found here:
DNS API instructions
Note there is a curl example at the right side of the page. However it is not for entering the dkim parameter. What I did is read the instructions and changed the example for entering the dkim parameter. But there is a catch. The p parameter of the dkim public will run over several lines. If you used opendkim-genkey, there will be continuations and such. In theory you could use them as is, but I couldn’t get the api to work. What I suggest is using an editor (vi nano etc) to create a file containing the curl command and run it using sh. I called mine feed_dkim. Here is a sanitized version of the file. (fake key, domain, etc.) What you want to make sure is your quoted fields look like mine, that is no nested quotes. The output of opendkim-genkey will add quotes that you don’t need.
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer tokengoeshere" -d '{"type":"TXT","name":"default._domainkey","data":"v=DKIM1; k=rsa; s=email; p=nPnay721k2ApKmCXeg9DZgcZE4yr5Vw8P2nd3NeLSHYEuflTN0osXODUmFLqSxHnPnay721k2ApKmCXeg9DZgcZE4yr5Vw8P2nd3NeLSHYEuflTN0osXODUmFLqSxHnPnay721k2ApKmCXeg9DZgcZE4yr5Vw8P2nd3NeLSHYEuflTN0osXODUmFLqSxH","priority":null,"port":null,"ttl":1800,"weight":null,"flags":null,"tag":null}' "https://api.digitalocean.com/v2/domains/mydomain.com/records"
Things to change:
1) Replace tokengoeshere with your token
2)The field after “name” is your key selector. I’m using tables, so I left it as default. (This depends on your opendkim setup.)
3) The field after “data” is your key. The p field is the long one. If you see slashes in your generated key, those are continuations. You need to delete them, basically getting the p field to be one long string
4) Change mydomain.com to whatever your domain is.
I used vi to create the feed_dkim file. You should verify the file is one long line. Use the up/down arrow keys. If you have multiple lines, control J will join them.
On your PC:
sh feed_dkim
and hope for the best. There will be an error message if it bombs. You can go to your control panel and look at the results.
Since this is a DNS field, you will have to wait for DNS propagation. Once the field propagates, use this website to test your dkim.
dkim validator