Oct 12 2023
09:01 PM
- last edited on
Mar 05 2024
04:55 PM
I currently have the following setup which works fine:
- job: build
  displayName: 'Build'
  steps:
  - task: NuGetAuthenticate@0
    inputs:
      nugetServiceConnections: ${{parameters.myArtifactFeed}}
I can then run tasks in later steps that restore packages. The service connection it uses, myArtifactFeed, is a NuGet type service connection that uses the authentication method External Azure DevOps Server, for which I just provide a PAT.
What I want to do is not use PATs anymore. After reading this article, I thought I would be able to create a service principal in Entra ID, add it to my org, and give it read permission to my artifact feed. https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principa...
But this doesn't seem to work and I can't find any documentation on how to do this.
TL;DR - How can I create an Azure DevOps Service Connection which uses an Azure Service Principal's credentials as its auth, which can then be used in a NuGetAuthenticate@0 Azure DevOps pipeline task to restore packages?
Oct 13 2023 12:23 PM - edited Oct 13 2023 12:27 PM
To use an Azure AD Service Principal to connect an Azure DevOps pipeline to an artifact feed, follow these steps:
Create an Azure AD Service Principal:
In Your Pipeline:
- job: build
  displayName: 'Build'
  steps:
  - task: NuGetAuthenticate@0
    inputs:
      nugetServiceConnections: 'your-service-connection-name'
  - script: nuget restore ...
With this setup, you eliminate the need for a PAT and ensure secure authentication through the Azure AD Service Principal. Make sure to protect your Service Principal credentials and manage their lifecycle appropriately for security.
Jul 25 2024 03:18 PM
@Robina I was excited to find the steps you recommended to use a service principal for nuget authentication, but when I try to use an Azure Resource Manager service connection, the pipeline fails to run:
The pipeline is not valid. Job TransferNugetPackages: Step NuGetAuthenticate3 input nuGetServiceConnections expects a service connection of type ExternalNuGetFeed but the provided service connection AIFabricAzureConnection is of type azurerm.
Setting up an external nuget feed service connection would require a PAT instead of being able to use the service principal like I can with the Resource Manager one. Any idea if there is a way around this?