roylines / node-credstash

Module for reading credstash secrets
MIT License

Support subscription to credentials change #7

Closed dafortune closed 7 years ago

dafortune commented 8 years ago

I'd like to describe a use case I think might be interesting to support. We are currently using credstash on our services and one of the core features we need is supporting key rotation. What we do is:

  1. Getting the key from Credstash and putting it in a cache.
  2. We use that stored key to expose a public key that is used on services we interact with.
  3. When we rotate the key we need to clean the cache. So ALL OUR NODES get updated (and so get the new key + kid) at the same time.

To support #3 we were thinking that a pub-sub approach based on dynamo features might help, but not sure if you want this feature as part of the core (if so I could provide a PR). Opened this issue to know what you think.

roylines commented 7 years ago

Feels better as a separate module that uses credstash internally?
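
A sketch of the "separate module" shape discussed in this thread, as an added example that is not code from node-credstash or from either commenter: a cache that replaces its key and notifies subscribers when the stored version changes. `fetchLatest` is a hypothetical async function standing in for a credstash read of the newest version, and the class and method names are assumptions; polling is used here in place of the pub-sub mechanism the issue proposes.

```javascript
// Added example: rotation-aware cache around a secret store.
// `fetchLatest` is a hypothetical async function returning { version, value };
// in practice it would wrap a credstash read of the newest version.
class RotatingSecretCache {
  constructor(fetchLatest) {
    this.fetchLatest = fetchLatest;
    this.current = null;          // { version, value } or null when empty
    this.listeners = new Set();
    this.timer = null;
  }

  // Register a callback invoked as cb(newEntry, oldEntry) on rotation.
  subscribe(cb) {
    this.listeners.add(cb);
    return () => this.listeners.delete(cb);
  }

  // Compare a freshly read entry with the cache. Returns true on rotation.
  apply(entry) {
    const old = this.current;
    if (old && old.version === entry.version) return false;
    this.current = entry;         // replace so the old key is no longer served
    if (old) for (const cb of this.listeners) cb(entry, old);
    return old !== null;
  }

  // Serve from cache; hit the store only when the cache is empty.
  async get() {
    if (!this.current) this.apply(await this.fetchLatest());
    return this.current.value;
  }

  // Poll the store; a failed read keeps the last known key instead of clearing it.
  start(intervalMs) {
    this.timer = setInterval(async () => {
      try { this.apply(await this.fetchLatest()); } catch (_) { /* keep cache */ }
    }, intervalMs);
    if (this.timer.unref) this.timer.unref();   // do not keep the process alive
  }

  stop() { clearInterval(this.timer); this.timer = null; }
}
```

With polling, each node picks up a rotated key within one interval of the change rather than at the same instant, so the interval bounds how long a stale key can be served.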