I'm trying to use a PAT to login to devops in a pipeline but I get this error:
WARNING: Failed to store PAT using keyring; falling back to file storage.
WARNING: You can clear the stored credential by running az devops logout.
WARNING: Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.
The yaml file looks like this:
name: Manage Azure Devops
trigger: none
pool:
vmImage: "ubuntu-latest"
variables:
- group: Azure_Devops_Management
- name: ado_organization
value: "https://dev.azure.com/org-name/"
steps:
- script: |
echo $(ACCESS_TOKEN) | az devops login --organization $(ado_organization)
displayName: Login and set defaults
env:
ADO_PAT_TOKEN: $(ACCESS_TOKEN)
- script: |
az devops user list
displayName: List users
When I run this on my own computer it works fine:
echo "####" | az devops login --organization "https://dev.azure.com/org-name/"
I've tried to add the PAT in clear test, just to verify that it's not a problem with the variable group, but that didn't help either.
I've read several threads about this but can't find anything that have helped. Any help appriciated.
Thanks for pointing me in the right direction, @KrzysztofMadej.
The pipeline at https://github.com/kmadof/devops-manual/blob/b0c8b2a9afc71829e62e9640f8c49c61e44c9057/stackoverflow/56-print-variables/build.yaml#L20 didn't work as is. I guess it's because this line will wait for input of the PAT to proceed:
az devops login --organization $org
But since we store the PAT in AZURE_DEVOPS_EXT_PAT we don't need to run the login command (more info: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows#use-the-azure_devops_ext_pat-environment-variable).
Since I need more permissions than what $(System.AccessToken) gives me I could also use my own PAT.
So this is the final YAML to run az devops commands with a custom PAT:
name: Manage Azure Devops
trigger: none
pool:
vmImage: "ubuntu-latest"
variables:
- group: Azure_Devops_Management
steps:
- bash: env | sort
- task: AzureCLI@2
displayName: Azure CLI
inputs:
azureSubscription: "service_connection_name"
scriptType: "pscore"
scriptLocation: "scriptPath"
scriptPath: "./AdoManageInactiveUsers.ps1"
env:
AZURE_DEVOPS_EXT_PAT: $(ACCESS_TOKEN)
And if you don't want to use AzureCLI@2 task this works as well:
steps:
- script: |
az devops configure --defaults organization=$(ado_organization)
az devops user list
displayName: List users
env:
AZURE_DEVOPS_EXT_PAT: $(ACCESS_TOKEN)
So the solution from my first YAML is basically to use AZURE_DEVOPS_EXT_PAT and dont run az devops login