docs: refactor authentication to use CLI-based credentials (#789)

docs: refactor authentication to use CLI-based credentials

Update cloud provider authentication to use standard credential chains:

- GCE: Switch from GCE_KEY file to Application Default Credentials (ADC)
  supporting gcloud auth application-default login
- Azure: Document DefaultAzureCredential with az login as recommended
- AWS: Document full credential chain with aws configure as recommended

Also updates minectl-sdk to v0.21.0 and fixes tablewriter v1.1.2 API changes.

Signed-off-by: Engin Diri <engin.diri@ediri.de>

Author: dirien

cmd/minectl/create.go

@@ -50,12 +50,11 @@ func runCreate(cmd *cobra.Command, _ []string) error {
 		return err
 	}
 	if !headless {
-		table := tablewriter.NewWriter(os.Stdout)
-		table.SetHeader([]string{"ID", "NAME", "REGION", "TAGS", "IP"})
-
+		table := tablewriter.NewTable(os.Stdout,
+			tablewriter.WithHeader([]string{"ID", "NAME", "REGION", "TAGS", "IP"}),
+		)
 		table.Append([]string{res.ID, res.Name, res.Region, res.Tags, res.PublicIP})
 
-		table.SetBorder(false)
 		fmt.Println("")
 		table.Render()
 

cmd/minectl/list.go

@@ -54,13 +54,12 @@ func runList(cmd *cobra.Command, _ []string) error {
 	if !headless {
 		if len(servers) > 0 {
 			fmt.Println("")
-			table := tablewriter.NewWriter(os.Stdout)
-			table.SetHeader([]string{"ID", "NAME", "REGION", "TAGS", "IP"})
-
+			table := tablewriter.NewTable(os.Stdout,
+				tablewriter.WithHeader([]string{"ID", "NAME", "REGION", "TAGS", "IP"}),
+			)
 			for _, server := range servers {
 				table.Append([]string{server.ID, server.Name, server.Region, server.Tags, server.PublicIP})
 			}
-			table.SetBorder(false)
 			table.Render()
 		} else {
 			return errors.New("🤷 No server found")

docs/authentication.md

@@ -56,10 +56,32 @@ export SERVICENAME=<projectid>
 
 ### Google Compute Engine (GCE)
 
+`minectl` uses Google Cloud's Application Default Credentials (ADC) for authentication. This supports multiple authentication methods:
+
+#### Option 1: Sign in with gcloud CLI (Recommended)
+
+```bash
+gcloud auth application-default login
+export GOOGLE_PROJECT=<your-project-id>
+export GOOGLE_SERVICE_ACCOUNT_EMAIL=<your-service-account>@<project>.iam.gserviceaccount.com
+```
+
+#### Option 2: Service account JSON file
+
 ```bash
-export GCE_KEY=<pathto>/key.json
+export GOOGLE_APPLICATION_CREDENTIALS=<path-to>/service-account.json
+export GOOGLE_PROJECT=<your-project-id>
+export GOOGLE_SERVICE_ACCOUNT_EMAIL=<your-service-account>@<project>.iam.gserviceaccount.com
 ```
 
+#### Required Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `GOOGLE_PROJECT` | Your GCP project ID |
+| `GOOGLE_SERVICE_ACCOUNT_EMAIL` | Service account email (required for OS Login SSH access) |
+| `GOOGLE_APPLICATION_CREDENTIALS` | (Optional) Path to service account JSON file |
+
 See [Getting Started - GCE edition](getting-started-gce.md) for details on how to create a GCP service account for `minectl`.
 
 ### Vultr
@@ -72,50 +94,55 @@ export VULTR_API_KEY=xxx
 
 > Please select a Hypervisor Generation '2' VM Size. As `minectl` uses only Hypervisor Generation 2 Images.
 
-You need to set the subscription ID via the `AZURE_SUBSCRIPTION_ID` environment variable.
+`minectl` uses Azure's DefaultAzureCredential for authentication, which supports multiple authentication methods automatically.
+
+#### Required Environment Variable
 
 ```bash
 export AZURE_SUBSCRIPTION_ID=xxx
 ```
 
-#### Option 1: Define environment variables
+#### Option 1: Sign in with Azure CLI (Recommended)
 
-##### Service principal with a secret
+```bash
+az login
+export AZURE_SUBSCRIPTION_ID=<your-subscription-id>
+```
+
+#### Option 2: Service principal with a secret
 
 ```bash
+export AZURE_SUBSCRIPTION_ID="<subscription_id>"
 export AZURE_TENANT_ID="<active_directory_tenant_id>"
 export AZURE_CLIENT_ID="<service_principal_appid>"
 export AZURE_CLIENT_SECRET="<service_principal_password>"
 ```
 
-##### Service principal with certificate
+#### Option 3: Service principal with certificate
 
 ```bash
+export AZURE_SUBSCRIPTION_ID="<subscription_id>"
 export AZURE_TENANT_ID="<active_directory_tenant_id>"
 export AZURE_CLIENT_ID="<service_principal_appid>"
 export AZURE_CLIENT_CERTIFICATE_PATH="<azure_client_certificate_path>"
 ```
 
-##### Username and password
+#### Option 4: Username and password
 
 ```bash
+export AZURE_SUBSCRIPTION_ID="<subscription_id>"
 export AZURE_CLIENT_ID="<service_principal_appid>"
 export AZURE_USERNAME="<azure_username>"
 export AZURE_PASSWORD="<azure_user_password>"
 ```
 
-#### Option 2: Use a managed identity
+#### Option 5: Managed identity (when running on Azure)
 
 ```bash
+export AZURE_SUBSCRIPTION_ID="<subscription_id>"
 export AZURE_CLIENT_ID="<user_assigned_managed_identity_client_id>"
 ```
 
-#### Option 3: Sign in with Azure CLI
-
-```bash
-az login
-```
-
 See [Azure authentication with the Azure SDK for Go](https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication) for details.
 
 ### Oracle Cloud Infrastructure
@@ -139,14 +166,19 @@ Please follow the instructions at https://docs.oracle.com/en-us/iaas/Content/API
 
 ### Amazon AWS
 
-`minectl` looks for credentials in the following order:
+`minectl` uses the standard AWS credential chain, which supports multiple authentication methods automatically.
 
-1. Environment variables
-2. Shared credentials file
+#### Option 1: Sign in with AWS CLI (Recommended)
+
+```bash
+aws configure
+```
 
-#### Credentials file
+This creates credentials in `~/.aws/credentials` and config in `~/.aws/config`.
 
-The credentials file is most often located in `~/.aws/credentials` and contains:
+#### Option 2: Shared credentials file
+
+The credentials file is located in `~/.aws/credentials`:
 
 ```bash
 cat ~/.aws/credentials
@@ -155,14 +187,27 @@ aws_access_key_id = xxxx
 aws_secret_access_key = zzzz
 ```
 
-#### Environment variables
+#### Option 3: Environment variables
 
 ```bash
 export AWS_ACCESS_KEY_ID=<aws_access_key_id>
 export AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>
 export AWS_REGION=<aws_region>
 ```
 
+#### Option 4: IAM instance profile (when running on EC2)
+
+When running on EC2, credentials are automatically retrieved from the instance metadata service.
+
+#### Credential Chain Order
+
+`minectl` looks for credentials in the following order:
+1. Environment variables
+2. Shared credentials file (`~/.aws/credentials`)
+3. Shared config file (`~/.aws/config`)
+4. IAM instance profile (EC2)
+5. Container credentials (ECS/Fargate)
+
 ### VEXXHOST
 
 It is recommended to store OpenStack credentials as environment variables because it decouples credential information from source code.

go.mod

@@ -1,13 +1,13 @@
 module github.com/dirien/minectl
 
-go 1.24.0
+go 1.24.9
 
 require (
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/Tnze/go-mc v1.20.2
 	github.com/blang/semver/v4 v4.0.0
 	github.com/c-bata/go-prompt v0.2.6
-	github.com/dirien/minectl-sdk v0.20.0
+	github.com/dirien/minectl-sdk v0.21.0
 	github.com/fatih/color v1.18.0
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/morikuni/aec v1.1.0
@@ -20,76 +20,76 @@ require (
 	sigs.k8s.io/yaml v1.6.0
 )
 
-//replace github.com/dirien/minectl-sdk => ../minectl-sdk/
+// replace github.com/dirien/minectl-sdk => ../minectl-sdk/
 
 require (
-	cloud.google.com/go/auth v0.14.1 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
-	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cloud.google.com/go/auth v0.17.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	dario.cat/mergo v1.0.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.2.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7 v7.2.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v8 v8.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources/v3 v3.0.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.3.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.36.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.29.6 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.59 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ec2 v1.203.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 // indirect
-	github.com/aws/smithy-go v1.22.2 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.41.0 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.32.6 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.19.6 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ec2 v1.279.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect
+	github.com/aws/smithy-go v1.24.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/civo/civogo v0.3.94 // indirect
+	github.com/civo/civogo v0.6.5 // indirect
 	github.com/clipperhouse/displaywidth v0.6.0 // indirect
 	github.com/clipperhouse/stringish v0.1.1 // indirect
 	github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deepmap/oapi-codegen v1.9.1 // indirect
-	github.com/digitalocean/godo v1.137.0 // indirect
+	github.com/digitalocean/godo v1.171.0 // indirect
 	github.com/dirien/ovh-go-sdk v0.2.0 // indirect
 	github.com/exoscale/egoscale v0.101.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-resty/resty/v2 v2.16.3 // indirect
-	github.com/gofrs/flock v0.8.1 // indirect
+	github.com/go-resty/resty/v2 v2.17.1 // indirect
+	github.com/gofrs/flock v0.10.0 // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
 	github.com/google/go-github v17.0.0+incompatible // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
-	github.com/gophercloud/gophercloud/v2 v2.5.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
+	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
+	github.com/gophercloud/gophercloud/v2 v2.9.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/hashicorp/go-version v1.3.0 // indirect
-	github.com/hetznercloud/hcloud-go/v2 v2.19.1 // indirect
+	github.com/hetznercloud/hcloud-go/v2 v2.33.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/linode/linodego v1.47.0 // indirect
+	github.com/linode/linodego v1.63.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.19 // indirect
@@ -104,46 +104,46 @@ require (
 	github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect
 	github.com/olekukonko/errors v1.1.0 // indirect
 	github.com/olekukonko/ll v0.1.3 // indirect
-	github.com/oracle/oci-go-sdk/v65 v65.83.1 // indirect
+	github.com/oracle/oci-go-sdk/v65 v65.105.2 // indirect
 	github.com/ovh/go-ovh v1.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/sftp v1.13.5 // indirect
 	github.com/pkg/term v1.2.0-beta.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.20.5 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32 // indirect
+	github.com/prometheus/client_golang v1.23.2 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.66.1 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 // indirect
 	github.com/sethvargo/go-password v0.3.1 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/sony/gobreaker v0.5.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/stretchr/testify v1.10.0 // indirect
-	github.com/vultr/govultr/v3 v3.14.1 // indirect
+	github.com/stretchr/testify v1.11.1 // indirect
+	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
-	go.opentelemetry.io/otel v1.34.0 // indirect
-	go.opentelemetry.io/otel/metric v1.34.0 // indirect
-	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
+	go.opentelemetry.io/otel v1.38.0 // indirect
+	go.opentelemetry.io/otel/metric v1.38.0 // indirect
+	go.opentelemetry.io/otel/trace v1.38.0 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/mod v0.20.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/oauth2 v0.26.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/time v0.10.0 // indirect
-	google.golang.org/api v0.221.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/time v0.14.0 // indirect
+	google.golang.org/api v0.258.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
-	google.golang.org/grpc v1.71.0 // indirect
+	google.golang.org/grpc v1.77.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect