Support Azure DevOps OAuth via Service Principal to check out Git repositories
Thomas Abbe
Actually, building blocks can be checked out from Azure DevOps Git repositories with SSH keys.
Unfortunately, SSH keys are not easy to manage:
- need of an Entra ID user
- generate secret/public key pair
- key pair will expire
- credentials (SSH keys and user credentials) must be rotated via organization policy once a year
- process is not fully automated
A far better way is to authenticate to the Azure DevOps Git repo via an Entra ID service principal, especially because you can authenticate via Identity Workload Federation.
See the following article on how to use git commands with Azure DevOps service principals.
Jelle den Burger
This is a great idea that will enhance security a lot for Azure DevOps usage. Unfortunately, this is not in focus right now as we are mainly investing in usage of GitHub & GitLab. Authentication will have to happen via SSH for the time being.
Jelle den Burger
Thanks a lot for your feature request, Thomas! We are actively on the lookout for better and easier ways to trigger Building Blocks via Git and Git providers like Azure DevOps. We will take your feedback into account when we build the next iteration of these Building Block triggers.
Thomas Abbe
Jelle den Burger Hi Jelle, thank you for the feedback. Just to be sure, the feature request was intended to make the building block configuration easier. From our side, we are not using triggers via Git.