Comment 2 for bug 1403617

Dan Watkins (oddbloke) wrote :

smoser and I had a conversation in #cloud-init about this on Friday.

Our conclusion was that we should mirror what the cloud vendor is doing (i.e. ignore project-level keys if instance-level keys are specified).

We also discussed how we could configure an instance in a project _with_ SSH keys to start _without_ any SSH keys. smoser proposed (a) using the presence of the empty string in the instance sshKeys metadata value. He also noted that (b) creating a fresh key, attaching it as an instance-level SSH key and instantly shredding it would also give the desired behaviour.

I think that this requirement is uncommon enough that (b) should suffice. Furthermore, I can imagine (a) breaking automation that would work with just GCE's daemons (as they just ignore the empty string).