[Docs] Clarify Nebius credential setup

.readthedocs.yml

@@ -9,6 +9,22 @@ build:
   os: "ubuntu-22.04"
   tools:
     python: "3.10"
+  jobs:
+    post_checkout:
+      # Cancel building pull requests when there aren't changed in the docs
+      # directory.
+      # `--quiet` exits with a 1 when there **are** changes,
+      # so we invert the logic with a !
+      #
+      # If there are no changes (exit 0) we force the command to return with 183.
+      # This is a special exit code on Read the Docs that will cancel the build
+      # immediately.
+      # Reference: https://docs.readthedocs.com/platform/stable/build-customization.html#cancel-build-based-on-a-condition
+      - |
+        if [ "$READTHEDOCS_VERSION_TYPE" = "external" ] && git diff --quiet origin/master -- docs/ .readthedocs.yml;
+        then
+          exit 183;
+        fi
 
 # Build documentation in the docs/ directory with Sphinx
 sphinx:

docs/source/cloud-setup/cloud-permissions/index.rst

@@ -19,5 +19,6 @@ Table of contents
 
     aws
     gcp
+    nebius
     vsphere
     kubernetes

docs/source/cloud-setup/cloud-permissions/nebius.rst

@@ -0,0 +1,39 @@
+Nebius
+======
+
+.. _nebius-service-account:
+
+Service account
+----------------
+
+To use *Service Account* authentication, follow these steps:
+
+1. **Create a Service Account** using the Nebius web console.
+2. **Generate PEM Keys**:
+
+.. code-block:: shell
+
+   openssl genrsa -out private.pem 4096 && openssl rsa -in private.pem -outform PEM -pubout -out public.pem
+
+3.  **Generate and Save the Credentials File**:
+
+* Save the file as `~/.nebius/credentials.json`.
+* Ensure the file matches the expected format below:
+
+.. code-block:: json
+
+     {
+         "subject-credentials": {
+             "alg": "RS256",
+             "private-key": "PKCS#8 PEM with new lines escaped as \n",
+             "kid": "public-key-id",
+             "iss": "service-account-id",
+             "sub": "service-account-id"
+         }
+     }
+
+
+**Important Notes:**
+
+* The `NEBIUS_IAM_TOKEN` file, if present, will take priority for authentication.
+* Service Accounts are restricted to a single region. Ensure you configure the Service Account for the appropriate region during creation.

docs/source/getting-started/installation.rst

@@ -539,50 +539,15 @@ Nebius
 
   mkdir -p ~/.nebius
   nebius iam get-access-token > ~/.nebius/NEBIUS_IAM_TOKEN.txt
-
-If you have one tenant you can run:
-
-.. code-block:: shell
-
   nebius --format json iam whoami|jq -r '.user_profile.tenants[0].tenant_id' > ~/.nebius/NEBIUS_TENANT_ID.txt
 
-You can specify a preferable project ID, which will be used if a project ID is required in the designated region.
+**Optional**: You can specify a preferable project ID, which will be used if a project ID is required in the designated region.
 
 .. code-block:: shell
 
   echo $NEBIUS_PROJECT_ID > ~/.nebius/NEBIUS_PROJECT_ID.txt
 
-To use *Service Account* authentication, follow these steps:
-
-1. **Create a Service Account** using the Nebius web console.
-2. **Generate PEM Keys**:
-
-.. code-block:: shell
-
-   openssl genrsa -out private.pem 4096 && openssl rsa -in private.pem -outform PEM -pubout -out public.pem
-
-3.  **Generate and Save the Credentials File**:
-
-* Save the file as `~/.nebius/credentials.json`.
-* Ensure the file matches the expected format below:
-
-.. code-block:: json
-
-     {
-         "subject-credentials": {
-             "alg": "RS256",
-             "private-key": "PKCS#8 PEM with new lines escaped as \n",
-             "kid": "public-key-id",
-             "iss": "service-account-id",
-             "sub": "service-account-id"
-         }
-     }
-
-
-**Important Notes:**
-
-* The `NEBIUS_IAM_TOKEN` file, if present, will take priority for authentication.
-* Service Accounts are restricted to a single region. Ensure you configure the Service Account for the appropriate region during creation.
+Alternatively, you can also use a service account to access Nebius, see 
 
 Nebius offers `Object Storage <https://nebius.com/services/storage>`_, an S3-compatible object storage without any egress charges.
 SkyPilot can download/upload data to Nebius buckets and mount them as local filesystem on clusters launched by SkyPilot. To set up Nebius support, run: