koszewscy/ado-sk-toolkit-extension
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
52a73c16b39990dbc50b44d027e841fca8ec0e91
ado-sk-toolkit-extension/overview.md

37 lines
994 B
Markdown
Raw Blame History

# Azure Federated Auth Task
`AzureFederatedAuth@1` is an Azure Pipelines task that requests an OIDC token for an AzureRM service connection configured for workload identity federation.
It is designed for pipelines that need ARM federation variables without storing long-lived secrets.
## What It Sets
- `ARM_OIDC_TOKEN` (secret)
- `ARM_TENANT_ID`
- `ARM_CLIENT_ID`
- `GIT_ACCESS_TOKEN` (secret, optional)
## Task Input
- `serviceConnectionARM` (required): Azure Resource Manager service connection
- `setGitAccessToken` (optional): exchanges OIDC assertion for Azure DevOps scope and sets `GIT_ACCESS_TOKEN`
## Prerequisites
- AzureRM service connection using workload identity federation
- Pipeline access to `System.AccessToken`
- Linux YAML agents
## Example
```yaml
- task: AzureFederatedAuth@1
inputs:
serviceConnectionARM: 'my-arm-service-connection'
setGitAccessToken: true
```
## Repository
https://gitea.koszewscy.waw.pl/koszewscy/ado-azurefederatedauth-task.git
Reference in New Issue View Git Blame Copy Permalink