Skip to main content

Azure DevOps Locations

The Azure DevOps integration supports loading catalog entities from Azure DevOps. Entities can be added to static catalog configuration, or registered with the catalog-import plugin.

Using a service principal:

integrations:
azure:
- host: dev.azure.com
credentials:
- clientId: ${AZURE_CLIENT_ID}
clientSecret: ${AZURE_CLIENT_SECRET}
tenantId: ${AZURE_TENANT_ID}

Using a managed identity:

integrations:
azure:
- host: dev.azure.com
credentials:
- clientId: ${AZURE_CLIENT_ID}

Using a personal access token (PAT):

integrations:
azure:
- host: dev.azure.com
credentials:
- personalAccessToken: ${PERSONAL_ACCESS_TOKEN}

You can use specific credentials for different Azure DevOps organizations by specifying the organizations field on the credential:

integrations:
azure:
- host: dev.azure.com
credentials:
- organizations:
- my-org
- my-other-org
clientId: ${AZURE_CLIENT_ID}
clientSecret: ${AZURE_CLIENT_SECRET}
tenantId: ${AZURE_TENANT_ID}
- organizations:
- another-org
clientId: ${AZURE_CLIENT_ID}
- organizations:
- yet-another-org
personalAccessToken: ${PERSONAL_ACCESS_TOKEN}

If you do not specify the organizations field the credential will be used for all organizations for which no other credential is configured.

Note: An Azure DevOps provider is added automatically at startup for convenience, so you only need to list it if you want to supply a personalAccessToken, a service principal, or a managed identity

The configuration is a structure with these elements:

  • credentials: (optional): A service principal, managed identity, or personal access token

The credentials element is a structure with these elements:

  • organizations: (optional): A list of organizations for which this credential should be used. If not specified the credential will be used for all organizations for which no other credential is configured.
  • clientId: The client ID of the service principal or managed identity (required for service principal and managed identities)
  • clientSecret: The client secret of the service principal (required for service principal)
  • tenantId: The tenant ID of the service principal (required for service principal)
  • personalAccessToken: The personal access token (required for personal access token)

Note:

  • You cannot use a service principal or managed identity for Azure DevOps Server (on-premises) organizations
  • You can only use a service principal or managed identity for Microsoft Entra ID (formerly Azure Active Directory) backed Azure DevOps organizations
  • You can only specify one credential per host without any organizations specified
  • The personal access token should just be provided as the raw token generated by Azure DevOps using the format raw_token with no base64 encoding. Formatting and base64'ing is handled by dependent libraries handling the Azure DevOps API