Hetzner Cloud is now first-class in Servonaut
Hetzner Cloud is the fourth provider that's now a first-class citizen in Servonaut, sitting next to AWS, OVH, and the catch-all custom-SSH path. The integration is end-to-end: list, create, power on, shutdown, reboot, and delete — from the TUI, from the servonaut hetzner ... CLI, and from 11 MCP tools your AI agent can call directly.
We built it for a workflow we already had on every laptop in the team: spin up two or three boxes for a demo recording or a staging branch, run a bootstrap script, throw them away. With long-lived AWS fleets, that workflow is overkill. With manual hcloud server create calls, it's death by typing. So now there's a sidebar tab for it.
The 90-second version
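# 1. Token. Drop it where the official `hcloud` CLI looks (zero-config).
#    Create the file under umask 077 so it is never readable by other users:
mkdir -p ~/.config/hcloud
( umask 077; echo "abc...your-token..." > ~/.config/hcloud/token )
chmod 600 ~/.config/hcloud/token   # also tightens a file that already existed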
# 2. Enable the provider in ~/.servonaut/config.json:
# "hetzner": { "enabled": true }
# 3. Spin up a box:
servonaut hetzner create demo-1 --ssh-key laptop
# 4. Servonaut auto-registers it into the unified instance list.
# SSH, scp, run-command, log viewer — all work within seconds.
# 5. When you're done:
servonaut hetzner destroy demo-1 --yes
Open the TUI, hit the Hetzner → ⚙ Manage sidebar entry, and you'll see the same fleet in a per-provider table with a state-aware toolbar (Create / Power on / Shutdown / Reboot / Delete). The buttons enable based on the selected row's state, so you don't accidentally try to power on a server that's already running.
Token chain
The token resolves from the first matching source, in order:
1. config.hetzner.api_token (with optional $ENV_VAR / file: prefixes)
2. $HCLOUD_TOKEN
3. ~/.config/hcloud/token
That last one is the Hetzner-recommended location: it's where the official hcloud CLI and the Terraform provider both look. If you already have a token there, Servonaut picks it up with no extra wiring. The fallback chain is the same one Terraform uses, so you don't end up with three copies of the same secret on disk.
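The resolution order above, written out as an added example; this is not Servonaut's own code. The prefix semantics (`$NAME` reads that environment variable, `file:PATH` reads that file), falling through to the next source when one is empty, and refusing a token file that group or others can read are assumptions made for the example.

```python
import os
import stat
from pathlib import Path


def read_token_file(path):
    """Return the stripped token in `path`, or None if it is missing or empty.
    Raises PermissionError when group/other have any access (assumed policy)."""
    p = Path(path).expanduser()
    if not p.is_file():
        return None
    mode = stat.S_IMODE(p.stat().st_mode)
    if mode & 0o077:
        raise PermissionError(f"{p} has mode {mode:04o}; expected 0600")
    return p.read_text().strip() or None


def resolve_token(config, env=None, home=None):
    """Return (token, source) for the first matching source, else (None, None)."""
    env = os.environ if env is None else env
    home = Path.home() if home is None else Path(home)
    raw = (config.get("hetzner") or {}).get("api_token")
    if raw:
        if raw.startswith("$"):          # assumed: "$NAME" reads env var NAME
            token = env.get(raw[1:]) or None
        elif raw.startswith("file:"):    # assumed: "file:PATH" reads that file
            token = read_token_file(raw[len("file:"):])
        else:
            token = raw                  # literal token stored in the config
        if token:
            return token, "config.hetzner.api_token"
    if env.get("HCLOUD_TOKEN"):
        return env["HCLOUD_TOKEN"], "$HCLOUD_TOKEN"
    token = read_token_file(home / ".config" / "hcloud" / "token")
    if token:
        return token, "~/.config/hcloud/token"
    return None, None


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as home:   # constructed sample home dir
        token_file = Path(home, ".config", "hcloud", "token")
        token_file.parent.mkdir(parents=True)
        token_file.write_text("constructed-token\n")
        token_file.chmod(0o600)
        # Print only the source that matched, never the token itself.
        print(resolve_token({}, env={}, home=home)[1])
```

Returning the source alongside the token lets a caller log which source matched without writing the secret to the log.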
The create wizard
The TUI's create wizard is region-first: pick a Hetzner location (fsn1, nbg1, hel1, ash, hil, sin), and it filters server types and images to what's actually deployable there. Hetzner deprecates server types per location every ~18 months — the wizard reads from their live catalog and hides combinations that would 400 on submit.
Two safety rails worth calling out:
- No SSH keys → refuse to create. By default, require_ssh_keys_on_create=true. If you have no SSH keys registered with the project, the wizard nudges you to add one before continuing. The reason: Hetzner would otherwise spawn a server with a random root password the API discards, leaving you with a billed unreachable box. We've all done it once. Once is enough.
- Typed-name destroy. servonaut hetzner destroy <name> requires you to type the name back, unless you pass --yes (for CI). The MCP hetzner_delete_server tool's description carries the same instruction to the LLM: "always confirm with the user before invoking — deletion is permanent."
What your AI agent can do with it
Eleven MCP tools, registered automatically when the Hetzner service is wired up. Read tools (hetzner_list_servers, hetzner_list_server_types, hetzner_list_ssh_keys) work at the readonly guard level. Mutating tools (create, delete, power state, SSH-key registration) require mcp.guard_level = dangerous and gate behind the hetzner_mcp_operations entitlement (free=0, Solo=50, Teams=200/seat).
A typical agent session looks like:
"Spin up two cx23 boxes in fsn1 named demo-1 and demo-2, run my cluster bootstrap script on both, then summarise their journalctl errors."
Behind the scenes, the agent calls hetzner_create_server twice (with confirmation), then run_command for the bootstrap, then get_logs for the errors. The auto-registration logic means run_command works on a brand-new server within seconds of the create call returning — no manual "add server" flow.
Why we chose Hetzner over X for the disposable-fleet workflow
Hetzner's hourly billing is effectively free for the demo-fleet pattern: cx23 is €0.005/hour, so four boxes for a 10-minute recording costs roughly €0.003 total. The API is fast (sub-second list, sub-30s create), the catalog is small enough that the wizard isn't overwhelming, and the EU pricing makes it the obvious choice for European startups.
It's not a replacement for AWS. It's a replacement for the AWS workflow you only use for ten minutes at a time.
Getting started
The full guide is at /docs/hetzner — covers the setup wizard, the Manager screen, the CLI verbs, all 11 MCP tools, and the security/safety story (token redaction, audit log, 0o600 cache, etc.).
Free-tier users get the CLI commands; the hosted MCP tools are gated behind the Solo and Teams plans (entitlement: hetzner_mcp_operations). Either way, your token never leaves the machine — config sync strips it before upload.