Another area I’m interested in is how credentials (eg to s3 storage, dask gateway) should be dealt with. “general secrets” can be simply specified at create time and mounted. I’m not sure how one would deal with user-specific secrets.