Login using managed identity #279
Management of the PAT has been a big obstacle for us, since it makes the aggregator fairly unreliable - in particular because PATs become unusable after the owning user's password changes (interactive login to ADO as that user will restore their access -- however, for the generic ID we use for this, whose password changes frequently for security reasons, this creates quite a challenge). Even with the rotation problem aside, having to log in as the generic ID to create a PAT manually on a schedule, or maybe worse, using an individual human account to create the PAT, is kind of cumbersome. Managed identity or even Service Principal would move this tool from being "eh, you can try it, but don't count on it", to "yes, this is a good way to solve the problem".
The usage of managed identities to log into Azure DevOps is now available in public preview.
What would be great would be to enable a system-assigned managed identity on the Azure Function app hosting the aggregator and use it to log into Azure DevOps.
That would eliminate the need to manage the PAT and it would make it much clearer in ADO who touched the history using an actual system identity.
Here's the doc: https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity?view=azure-devops
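An added example, not part of the issue or the project's code, of the token flow requested above: fetch an Azure DevOps token from the Function app's managed identity endpoint, cache it until shortly before expiry, and send it as a bearer credential in place of a PAT. It assumes the App Service `IDENTITY_ENDPOINT` / `IDENTITY_HEADER` environment variables and api-version `2019-08-01`; the function names, the `fetch` hook and any organization URL passed in are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

# Well-known Microsoft Entra application ID of Azure DevOps (the token audience).
ADO_RESOURCE = "499b84ac-1321-427f-aa17-267ca6975798"
_cache = {"token": None, "expires_on": 0}


def build_token_request(env):
    """Build the request to the App Service / Functions managed identity endpoint."""
    query = urllib.parse.urlencode({"resource": ADO_RESOURCE, "api-version": "2019-08-01"})
    return urllib.request.Request(
        f"{env['IDENTITY_ENDPOINT']}?{query}",
        headers={"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]},
    )


def parse_token_response(body):
    """Return (access_token, expiry as epoch seconds) from the endpoint's JSON."""
    doc = json.loads(body)
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    return doc["access_token"], int(doc["expires_on"])


def get_token(env, fetch, now=time.time, skew=300):
    """Return a cached token, refreshing when within `skew` seconds of expiry."""
    if _cache["token"] is None or now() >= _cache["expires_on"] - skew:
        body = fetch(build_token_request(env))
        _cache["token"], _cache["expires_on"] = parse_token_response(body)
    return _cache["token"]


def ado_request(org_url, path, token):
    """Build an Azure DevOps REST request authenticated as the managed identity."""
    return urllib.request.Request(
        f"{org_url.rstrip('/')}/{path.lstrip('/')}",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )


def http_fetch(request):
    """Real transport; only works inside the Function app, where the endpoint exists."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.read()
```

The managed identity must also be added as a user in the Azure DevOps organization and granted the permissions the aggregator needs; the token alone carries no ADO rights.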