[17:04:52] <dduvall>	 had an idea this morning for a registry auth solution. what if we assign credentials to each trusted runner and have them request a bearer token from the registry (scoped to a registry namespace based on the project name) prior to each job. the token is provided to the job via a mount and destroyed/invalidated after the job is finished 
[17:05:22] <dduvall>	 similar to what gitlab does for it's own registry