Creating a Service Connection for Azure Resources

Creating a Service Connection for Azure Resources

In today's Post, We will learn how to create a service connection to release your application on Azure resources.

First, you must obtain an Azure credential from the Azure portal.

Exploring Azure App Registration

Azure app registration is the process that provides the necessary credentials for Azure Pipelines to deploy applications to Azure resources. Follow these steps to create an Azure app registration:

1. Go to [Microsoft Entra ID](https://portal.azure.com).

2. Click on App registrations, then select + New registration.

App Registrations Page

3. Click on the Register an application option. Now, you need to provide a name for the registered application. Then, choose from the following four account types:

1. Single tenant - Only one identity in a single Azure account.

2. Multiple identities in one Azure account.

3. Multiple identities, including personal Microsoft accounts in one Azure account.

4. Personal Microsoft accounts only in one Azure account.

After selecting the appropriate option, click Register.

Register an application page

4. After registering the app ID, navigate to Certificates & Secrets to create a secret. Click on + New client secret and select Add a client secret. Provide a description and expiry date, then click Add.

Certificates and Secrets

5. Do not forget to copy the secret value – it will disappear, and you cannot recover it after you close this page:

Client Secrets

6. Copy the highlighted information to prepare for creating a service connection:

App Registration Overview

Creating a Service Connection

To deploy an application on Azure, you need to create a service connection, which is a service account that allows you to access Azure resources. Follow these instructions:

1. After creating an app registration in the Azure portal, go to [Azure DevOps](https://dev.azure.com/) and click Sign in.

Sign-in Page

2. Click on Project settings | Service connections > Create service connection:

Creating a Service Connection

3. Select Azure Resource Manager and click Next:

Selecting a Service Connection Type
Authentication Method Options

4. Choose an authentication method from the following options:

- Automatic Discovery: Automatically finds service principals in all Azure resources.

- Manual Entry: Manually enter all app ID information, allowing easy access to Azure resources.

- Existing Identity: Use an existing identity that is used for another system.

- Export Public Profile: Export the public profile from the Azure portal page and use it.

For this example, select the second option, Service principal (manual), and click Next.

Choosing an Authentication Method
Completing the Service Connection Setup

5. Fill in the required fields as follows, then click Verify and save:

- Environment: Azure Cloud

- Scope Level: Subscription (choose this to limit the scope of permission to the subscription level for risk management)

- Subscription ID: <Check on the subscription menu>

- Subscription Name: <Check on the subscription menu>

- Service Principal ID: <Client ID of the app registration>

- Credential: Service principal key

- Service Principal Key: <Secret of the app registration>

- Tenant ID: <Tenant ID of the app registration>

- Service Connection Name: sp-for-DevOps

- Security: Turn on "Grant access permission to all pipelines".

Enter Azure service connection details

6. You can now view the new service connection:

List of all service connections

In this Post, We learned how to create a variable group to share across all pipelines and how to link a variable group to an existing pipeline.

"In our upcoming post, we'll explore how to upload secret files and connect them to your pipelines.


Microsoft Learn Microsoft Azure Microsoft Azure DevOps






要查看或添加评论,请登录

社区洞察

其他会员也浏览了