Consider adding a keystore watcher
Sometimes we want to react to keystore changes. For example, if the identity of the service is rotated through some external means (e.g. via the arti hss
command), the descriptor publisher needs to create and publish a new descriptor (using the newly generated keys).
- do we want the ability to "watch" keystores? What would the implementation for this look like? Should the
Keystore
trait have a function that returns the receiving end of an e.g.postage::watch
channel? Will the channel return a()
indicating something changed (without specifying what), or should it return the list of affectedKeyPath
s (or the correspondingKeyPathPattern
s)? - implementing this for FS-based keystores is fairly easy, but what about the HSM-based ones?