From bcce1ef87c4d25eef958d7b5a24b4ed04bdfc405 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leo=20Bergn=C3=A9hr?= <leo@bergnehr.se>
Date: Fri, 17 Jan 2025 16:43:39 +0100
Subject: [PATCH] Add documentation on the `login` command

---
 README.md | 37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 795dd76..bb07228 100644
--- a/README.md
+++ b/README.md
@@ -219,18 +219,37 @@ mixins:
 
 ### Authenticate
 
+The az mixin supports several authentication methods. All are provided with custom `login` command:
+
 ```yaml
-az:
-  description: "Azure CLI login"
-  arguments:
-    - login
-  flags:
-    service-principal:
-    username: ${ bundle.credentials.AZURE_SP_CLIENT_ID }
-    password: ${ bundle.credentials.AZURE_SP_PASSWORD }
-    tenant: ${ bundle.credentials.AZURE_TENANT }
+login:
+  az:
+    login:
 ```
 
+### Existing Azure CLI Authentication
+
+If you have already authenticated using `az login`, the mixin will use your
+existing credentials. This requires the following files to exist in your
+`.azure` directory:
+- `azureProfile.json`: Contains your Azure profile information.
+- `msal_token_cache.json`: Contains the cached authentication tokens.
+
+### Service Principal Authentication
+
+To authenticate using a service principal, set the following environment
+variables:
+- `AZURE_CLIENT_ID`
+- `AZURE_CLIENT_SECRET`
+- `AZURE_TENANT_ID`
+
+### Managed Identity Authentication
+
+When running in Azure, you can authenticate using managed identity. By default,
+the system-assigned managed identity is used. To use a user-assigned managed
+identity, set the `AZURE_CLIENT_ID` environment variable to the client ID of
+the managed identity.
+
 ### Provision a VM
 
 Create a VM, ignoring the error if it already exists.