Use workload identity federation for your Azure Resource Manager (ARM) service connections. Workload identity federation allows you to create secret-free service connections from Azure Pipelines to Azure. Convert your existing Azure Resource Manager service connections that authenticate with secrets to use workload identity federation instead, for improved security and simplified maintenance.

Learn more:
https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices#scope-service-connections
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?#create-an-azure-resource-manager-service-connection-using-workload-identity-federation
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints
https://devblogs.microsoft.com/premier-developer/azure-devops-workload-identity-federation/

1. Navigate to Project Settings.
2. Open the Service connections link under Pipelines.
3. Select a service connection of type 'Azure Resource Manager'.
4. Click the Convert button to 'Convert your service connections to workload identity federation for improved security and simplified maintenance.'.
5. Accept the changes by clicking Convert.

{
  "target": "ADOProjectServiceEndpoint",
  "if": {
    "allOf": [
      {
        "resource": "ADOProjectServiceEndpoint",
        "property": "Type",
        "operator": "equals",
        "value": "azurerm"
      },
      {
        "resource": "ADOProjectServiceEndpoint",
        "property": "DataAzureCloud.Environment",
        "operator": "equals",
        "value": "AzureCloud"
      },
      {
        "resource": "ADOProjectServiceEndpoint",
        "property": "DataAzureCloud.CreationMode",
        "operator": "match",
        "value": "(automatic|manual)"
      },
      {
        "resource": "ADOProjectServiceEndpoint",
        "property": "Authorization.Scheme",
        "operator": "equals",
        "value": "WorkloadIdentityFederation"
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
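
Added example, not DevOps Shield's own code: a small evaluator that applies the four conditions of the rule above to service connection records and sorts them into out-of-scope, already federated, or still to convert. Assumptions: records are nested dicts that mirror the rule's property paths, "match" is a full case-insensitive regular-expression match, and an in-scope connection that fails the Authorization.Scheme condition is one to convert; the sample records are constructed.

```python
import re

# The four conditions of the rule's "allOf", copied from the policy definition.
CONDITIONS = [
    {"property": "Type", "operator": "equals", "value": "azurerm"},
    {"property": "DataAzureCloud.Environment", "operator": "equals", "value": "AzureCloud"},
    {"property": "DataAzureCloud.CreationMode", "operator": "match", "value": "(automatic|manual)"},
    {"property": "Authorization.Scheme", "operator": "equals", "value": "WorkloadIdentityFederation"},
]

def lookup(record, dotted):
    """Walk a dotted property path; return None if any segment is missing."""
    node = record
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def holds(record, cond):
    """Evaluate one condition; a missing property never satisfies it."""
    actual = lookup(record, cond["property"])
    if actual is None:
        return False
    if cond["operator"] == "equals":
        return actual == cond["value"]
    if cond["operator"] == "match":
        # Assumption: full, case-insensitive regex match.
        return re.fullmatch(cond["value"], str(actual), re.IGNORECASE) is not None
    raise ValueError(f"unsupported operator: {cond['operator']}")

def classify(record):
    """Return 'out-of-scope', 'federated', or 'convert' (in scope, not federated)."""
    *scope, scheme = CONDITIONS
    if not all(holds(record, c) for c in scope):
        return "out-of-scope"
    return "federated" if holds(record, scheme) else "convert"

def ep(kind, env, mode, scheme):
    """Build a constructed record in the assumed nested layout."""
    return {"Type": kind, "DataAzureCloud": {"Environment": env, "CreationMode": mode},
            "Authorization": {"Scheme": scheme}}

SAMPLE = {  # constructed sample data, not a real export
    "sc-prod-secret": ep("azurerm", "AzureCloud", "Automatic", "ServicePrincipal"),
    "sc-prod-wif": ep("azurerm", "AzureCloud", "manual", "WorkloadIdentityFederation"),
    "sc-gov": ep("azurerm", "AzureUSGovernment", "Manual", "ServicePrincipal"),
    "sc-github": {"Type": "github", "Authorization": {"Scheme": "Token"}},
}

def report(endpoints):
    return {name: classify(rec) for name, rec in endpoints.items()}
```
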