diff --git a/CHANGELOG.md b/CHANGELOG.md
index 455db9a..75a3263 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
 * Use more sets and vars definitions for input/output to avoid multiple rules.
 * Allow outgoing icmp.
 * Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
+* Allow outgoing OpenPGP HTTP requests.
 ## v1.0
diff --git a/README.md b/README.md
index 466825c..40327fc 100644
--- a/README.md
+++ b/README.md
@@ -116,7 +116,7 @@ nft_define_default:
 value: 'none'
 output tcp accepted:
 name: output_tcp_accept
- value: '{ http, https }'
+ value: '{ http, https, hkp }'
 output udp accepted:
 name: output_udp_accept
 value: '{ bootps, domain, ntp }'
@@ -177,7 +177,7 @@ table inet firewall {
 set output_tcp_accept {
 type inet_service
 flags interval
- elements = { http, https}
+ elements = { http, https, hkp}
 }
 set output_udp_accept {
diff --git a/defaults/main.yml b/defaults/main.yml
index 11ae39c..1cbf118 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -71,7 +71,7 @@ nft_define_default:
 value: 'none'
 output tcp accepted:
 name: output_tcp_accept
- value: '{ http, https }'
+ value: '{ http, https, hkp }'
 output udp accepted:
 name: output_udp_accept
 value: '{ bootps, domain, ntp }'
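Review bot: The new default `value: '{ http, https, hkp }'` for `output_tcp_accept` in defaults/main.yml widens the egress allow-list on every host that takes the role defaults, not only on hosts that fetch OpenPGP keys, and nothing in the hunk limits the destination. HKP is plain HTTP on 11371/tcp, while keyservers offering hkps are normally reachable through the existing `https` entry, so consider keeping the default at `'{ http, https }'` and documenting `hkp` as an opt-in override in the README. If it stays in the default, a comment above the value such as `# hkp = 11371/tcp, OpenPGP keyserver lookups (unencrypted)` would record why the port is open. The name `hkp` is presumably resolved from the host's services database when the ruleset is loaded, so writing `11371` would avoid a load failure on a system whose services file lacks that entry. The README hunks mirror the same value, and the `nft_define_default` mapping starts and ends outside the hunk.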