The Azure DevOps provider supports service principals through a variety of authentication methods, including client secrets.
Create a service principal in the Azure portal or using Azure PowerShell. Ignore the steps about application roles and certificates.
Add the service principal to your Azure DevOps Organization.
The provider will need the Directory (tenant) ID and the Application (client) ID from the Azure AD app registration. They may be provided via the ARM_TENANT_ID and ARM_CLIENT_ID environment variables, or in the provider configuration block with the tenant_id and client_id attributes.
The client secret may be provided as a string, or by a file on the filesystem with the ARM_CLIENT_SECRET or ARM_CLIENT_SECRET_PATH environment variables, or in the provider configuration block with the client_secret or client_secret_path attributes.

terraform {
  required_providers {
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = ">=0.1.0"
    }
  }
}

provider "azuredevops" {
  org_service_url    = "https://dev.azure.com/my-org"
  client_id          = "00000000-0000-0000-0000-000000000001"
  tenant_id          = "00000000-0000-0000-0000-000000000001"
  client_secret_path = "C:\\my_secret.txt"
}

resource "azuredevops_project" "project" {
  name        = "Test Project"
  description = "Test Project Description"
}

terraform {
  required_providers {
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = ">=0.1.0"
    }
  }
}

provider "azuredevops" {
  org_service_url = "https://dev.azure.com/my-org"
  client_id       = "00000000-0000-0000-0000-000000000001"
  tenant_id       = "00000000-0000-0000-0000-000000000001"
  client_secret   = "top-secret-password-string"
}

resource "azuredevops_project" "project" {
  name        = "Test Project"
  description = "Test Project Description"
}
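
A literal client_secret in the provider block ends up in version control along with the rest of the configuration. The following is an added example, not part of the provider's own documentation, that passes the secret through a sensitive input variable instead; the variable name azdo_client_secret is hypothetical, and the organization URL and IDs are the placeholders used above.

```hcl
terraform {
  required_providers {
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = ">=0.1.0"
    }
  }
}

# Hypothetical variable name (an assumption of this example). Supply the value
# from outside the repository, for instance through the
# TF_VAR_azdo_client_secret environment variable set by the CI secret store.
variable "azdo_client_secret" {
  type      = string
  sensitive = true # Terraform redacts the value in plan and apply output

  # Fail early with a clear message instead of an authentication error later.
  validation {
    condition     = length(var.azdo_client_secret) > 0
    error_message = "The service principal client secret must not be empty."
  }
}

provider "azuredevops" {
  org_service_url = "https://dev.azure.com/my-org"
  client_id       = "00000000-0000-0000-0000-000000000001"
  tenant_id       = "00000000-0000-0000-0000-000000000001"

  # No secret literal in the configuration: the value comes from the variable.
  client_secret = var.azdo_client_secret
}

resource "azuredevops_project" "project" {
  name        = "Test Project"
  description = "Test Project Description"
}
```

Alternatively, omit client_secret from the provider block entirely and set the ARM_CLIENT_SECRET or ARM_CLIENT_SECRET_PATH environment variable described above.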