Comment 18 for bug 1735402

Since this is the latest report, I will update here and will clean up other bugs related to credential management confusion once the work is completed.

Here is what I am doing to improve users experience around credentials:

1. [DONE] *Add more clarity around credentials commands*, i.e. which credential is being added/updated/deleted. This should help users to realise that there is a distinction between credentials stored locally on a client and credentials stored remotely on the controller. PR against develop that deals with locally stored credentials and their commands - https://github.com/juju/juju/pull/8363

2. [DOING] *Be clear what credential a model uses*. This involves showing users (with controller or model admin access) which credential is currently in use in 'show-model' output. As a drive-by, this work corrects api output for ModelInfo to filter out this information for non-authorised users.

3. [TODO] Add show-credential command to allow the owner of the credential to see the contents for it stored on the controller (secrets will be omitted). This command will provide clear messaging that it deals with *controller* stored credentials (not to be confused with locally stored).

4. [TODO] Renovate 'update-credential' command to operate at the model-scope, allowing authorised users to update/replace model credential without knowing its name. This command will provide clear messaging that it deals with *controller* stored credentials (not to be confused with locally stored).
In addition, this work may require a check of suitability for the new credential - will it work for this model, i.e. can Juju still see existing machines? As a consequence of this exercise, there is a potential to add a new command to check validity of a current model credential - IS operators have mentioned the need for the command to do this check on a few occasions :D