Azure DevOps Locations
The Azure DevOps integration supports loading catalog entities from Azure DevOps. Entities can be added to static catalog configuration, or registered with the catalog-import plugin.
Using a service principal:
integrations:
azure:
- host: dev.azure.com
credentials:
- clientId: ${AZURE_CLIENT_ID}
clientSecret: ${AZURE_CLIENT_SECRET}
tenantId: ${AZURE_TENANT_ID}
Using a managed identity:
integrations:
azure:
- host: dev.azure.com
credentials:
- clientId: ${AZURE_CLIENT_ID}
Using a personal access token (PAT):
integrations:
azure:
- host: dev.azure.com
credentials:
- personalAccessToken: ${PERSONAL_ACCESS_TOKEN}
You can use specific credentials for different Azure DevOps organizations by specifying the organizations
field on the credential:
integrations:
azure:
- host: dev.azure.com
credentials:
- organizations:
- my-org
- my-other-org
clientId: ${AZURE_CLIENT_ID}
clientSecret: ${AZURE_CLIENT_SECRET}
tenantId: ${AZURE_TENANT_ID}
- organizations:
- another-org
clientId: ${AZURE_CLIENT_ID}
- organizations:
- yet-another-org
personalAccessToken: ${PERSONAL_ACCESS_TOKEN}
If you do not specify the organizations
field the credential will be used for all organizations for which no other credential is configured.
Note: An Azure DevOps provider is added automatically at startup for convenience, so you only need to list it if you want to supply a personalAccessToken, a service principal, or a managed identity
The configuration is a structure with these elements:
credentials
: (optional): A service principal, managed identity, or personal access token
The credentials
element is a structure with these elements:
organizations
: (optional): A list of organizations for which this credential should be used. If not specified the credential will be used for all organizations for which no other credential is configured.clientId
: The client ID of the service principal or managed identity (required for service principal and managed identities)clientSecret
: The client secret of the service principal (required for service principal)tenantId
: The tenant ID of the service principal (required for service principal)personalAccessToken
: The personal access token (required for personal access token)
Note:
- You cannot use a service principal or managed identity for Azure DevOps Server (on-premises) organizations
- You can only use a service principal or managed identity for Microsoft Entra ID (formerly Azure Active Directory) backed Azure DevOps organizations
- You can only specify one credential per host without any organizations specified
- The personal access token should just be provided as the raw token generated by Azure DevOps using the format
raw_token
with no base64 encoding. Formatting and base64'ing is handled by dependent libraries handling the Azure DevOps API