AzureDevOps — Secrets Library usage
Recently I have been migrating my Azure services from one tenant to another. As part of this migration I was changing all my AzureDevOps pipelines as well.
Problem Statement
In the AzureDevOps pipelines covered by this migration I was using a lot of PowerShell and command line scripts.
One of the common scenarios was “az login” usage.
For authentication on the old platform I was using an SPN username and password. For the new platform, organization compliance and governance policies force me to use an SPN username with certificate-based authentication.
Use case
So let's look at the use case.
- In my pipelines I was using az login commands such as:
az login --debug --service-principal -u "XXXXXc4a-xxxxx-952a-9daff0xxxxx" -p "XXXXX_XXXXXXX_XXXXXXX_XXXXX" --tenant "XXXeeefe-e2f5-XXXX-abc6-XXXXXX"
Later I set my required subscription:
az account set --subscription "XXXXXX-69b1-4b99-b98a-XXXXXXXXXXX"
Now I am moving away from Username and password.
Solution
So how do I use an SPN username with certificate-based authentication?
Let's go step by step.
1. Open AzureDevOps → go to Library (under Pipelines) → click on the Secure files tab.
2. Convert your .pfx file to .pem format. Click on the + sign to upload a new secure file. As an example, I have named my generated .pem file “cert1325.pem”.
3. Once the file is uploaded, we need to reference it in our AzureDevOps pipeline for authentication.
4. Open the AzureDevOps pipeline → click on the + sign to add a new step → select the Download secure file task. Next we need to save this file at some location so that AzureDevOps can pick it up, so add a Copy task.
For the Copy task, define the source location as “$(Agent.TempDirectory)”.
The target folder should be “$(build.artifactstagingdirectory)/”.
Finally, for authentication, use a command line script.
Finally, save and queue.
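One way to write the command line script for the authentication step, as an added example that is not the original post's script. It assumes a Linux agent, an unencrypted key in the .pem file, and hypothetical pipeline variables AZ_APP_ID, AZ_TENANT_ID and AZ_SUB_ID; it checks the copied file before login and deletes it afterwards, because files left in the artifact staging directory are what a later publish step uploads.

```shell
#!/bin/sh
# Added example, not the original post's script.
# Assumed pipeline variables (hypothetical names): AZ_APP_ID, AZ_TENANT_ID,
# AZ_SUB_ID. Azure DevOps exposes $(build.artifactstagingdirectory) to
# scripts as the environment variable BUILD_ARTIFACTSTAGINGDIRECTORY.
# Step 2 conversion, run once on a workstation (key and cert in one PEM):
#   openssl pkcs12 -in cert.pfx -out cert1325.pem -nodes
CERT_PATH="${CERT_PATH:-${BUILD_ARTIFACTSTAGINGDIRECTORY:-.}/cert1325.pem}"

# pem_ready FILE: succeed only if FILE is readable and holds both a
# certificate and an unencrypted private key (2/3/4 = which check failed).
pem_ready() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "$f: no certificate block" >&2; return 3; }
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f" ||
        { echo "$f: no unencrypted private key block" >&2; return 4; }
    return 0
}

# Log in as the service principal with the certificate, then select the
# subscription. --output none keeps the account listing out of the build log.
sp_cert_login() {
    pem_ready "$CERT_PATH" || return $?
    chmod 600 "$CERT_PATH"
    az login --service-principal -u "$AZ_APP_ID" -p "$CERT_PATH" \
        --tenant "$AZ_TENANT_ID" --output none &&
    az account set --subscription "$AZ_SUB_ID"
}

# Runs only when the pipeline variables are present.
if [ -n "${AZ_APP_ID:-}" ]; then
    # Remove the copied key on exit so a publish step cannot upload it.
    trap 'rm -f "$CERT_PATH"' EXIT
    sp_cert_login
fi
```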