Code review comment for lp:~cjohnston/ubuntu-ci-services-itself/get-swift-image

> Because the image containers are presently set to be private, even though the
> artifact reference can be seen on the WebUI, it isn't possible for a user to
> download the image via the WebUI since they are missing the proper
> credentials. Because of this, we needed a way for the user to be able to
> download the image with the proper credentials.

Just to throw support behind this, I think it's entirely reasonable that we do not provide access to the images via the webui in phase 0 (and I think we discussed as much on IRC when planning where this feature would get implemented).

Once we're past phase 0, I want to see us put data store object creation behind a new intermediary service that manages the credentials. The CLI should just send the signed GPG content and this intermediary should validate the signature. No cloud credentials should change hands.

This is bug 1288710.