AzureDevOps — Secrets Library usage
Recently I have been migrating my Azure services from one tenant to another. As part of this migration, I was changing all my AzureDevOps pipelines as well.
Problem Statement
In my AzureDevOps pipelines, I was using a lot of PowerShell and command-line scripts.
One of the common scenarios was "az login" usage.
For authentication on the old platform, I was using an SPN username and password. For the new platform, as part of organization compliance and governance policies, I have been forced to use the SPN username with certificate-based authentication.
Use case
So let's look into the use case.
- In my pipelines I was using az login commands such as:
az login --debug --service-principal -u "XXXXXc4a-xxxxx-952a-9daff0xxxxx" -p "XXXXX_XXXXXXX_XXXXXXX_XXXXX" --tenant "XXXeeefe-e2f5-XXXX-abc6-XXXXXX"
and later setting my required subscription:
az account set --subscription "XXXXXX-69b1-4b99-b98a-XXXXXXXXXXX"
Now I am moving away from username and password.
Solution
So how do I use the SPN username with certificate-based authentication?
Let's go through it step by step.
1. Open AzureDevOps → Go to Library (under Pipelines) → Click on the Secure files tab.
2. Convert your .pfx file to .pem format. Click on the + sign to upload the new secure file. As an example, I have named my generated .pem file "cert1325.pem".
3. Once the file is uploaded, we need to call it in our AzureDevOps pipeline for authentication.
4. Open the AzureDevOps pipeline → Click on the + sign to add a new step → Select the Download Secure file task. We then need to save this file at some location so that AzureDevOps can pick it up, so next select the Copy task.
For the Copy task, define the source location as "$(Agent.TempDirectory)".
The target folder should be "$(build.artifactstagingdirectory)/".
Finally, for authentication, use the command-line script.
Then save and queue.
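One way to write the command-line script for the authentication step, as an added example rather than the author's own script. It assumes a Bash task on a Linux agent and hypothetical pipeline variables SPN_APP_ID, TENANT_ID and SUBSCRIPTION_ID, and it passes the PEM path through -p, which az login accepts for a service principal certificate.

```shell
#!/usr/bin/env bash
# Added example for a Bash command-line task; not the author's script.
# Assumed (hypothetical) pipeline variables: SPN_APP_ID, TENANT_ID, SUBSCRIPTION_ID.
# BUILD_ARTIFACTSTAGINGDIRECTORY is the agent's env form of $(build.artifactstagingdirectory).

# Succeeds only if the file holds both a certificate and a private key.
# Return codes: 1 = file missing, 2 = no certificate, 3 = no private key.
check_pem() {
  pem="$1"
  [ -f "$pem" ] || { echo "missing file: $pem" >&2; return 1; }
  grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" \
    || { echo "no certificate block in $pem" >&2; return 2; }
  grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" \
    || { echo "no private key block in $pem" >&2; return 3; }
}

# Validate the PEM, restrict its permissions, then sign in and pick the subscription.
spn_cert_login() {
  pem="$1"
  check_pem "$pem" || return $?
  chmod 600 "$pem" || return 4
  az login --service-principal -u "$SPN_APP_ID" -p "$pem" \
    --tenant "$TENANT_ID" --output none || return 5
  az account set --subscription "$SUBSCRIPTION_ID"
}

# Delete the key material from the staging directory once az is no longer needed.
remove_pem() {
  rm -f -- "$1"
}

# Runs only inside the pipeline, where the variables above are set.
if [ -n "${SPN_APP_ID:-}" ]; then
  spn_cert_login "${BUILD_ARTIFACTSTAGINGDIRECTORY}/cert1325.pem" || exit 1
fi
```

Call remove_pem on the copied file after the last az command in the job: a publish step that uploads $(build.artifactstagingdirectory) would otherwise include the PEM and its private key in the artifact.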