General discussion
-
Topic
-
Authenticate to Azure DevOps without user’s DevOps PAT
LockedCurrently we use an approach to reach DevOps and trigger “release pipelines” from a specific VM1 by utilizing user’s DevOps PAT. We run PowerShell commands below at VM1:
$userPatToken = “xxxdfdgklfdgofkglfg4565gfhgfhgfh4gf54h54545fhfghfdffg”
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes((“{0}:{1}” -f “”, $userPatToken)))$url = “https://vsrm.dev.azure.com/MyOrg/MyProject/_apis/release/releases?definitionId=7&$top=100&api-version=6.0”
Invoke-RestMethod -Method Get -Uri $url -ContentType “application/json” -Headers @{Authorization = (“Basic {0}” -f $base64AuthInfo) }
The user is AAD one, is there a way to use it’s let say AAD credentials and authenticate to DevOps and do the same? Or may there is a way to use VMs system managed (or any user-managed) identity to authenticate into DevOps and trigger release pipelines? We do not want to be dependent of the user’s PAT. It should be written in PowerShell.