Back to Blog
1 min read

Service Connections in Azure DevOps

Azure Azure DevOps Service Connections Security

Service connections in Azure DevOps enable secure authentication to external services. This post covers creating and managing service connections for various platforms.

Azure Service Connection

# Using Azure service connection
trigger: [main]

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: AzureCLI@2
    inputs:
      azureSubscription: 'MyAzureConnection'  # Service connection name
      scriptType: 'bash'
      scriptLocation: 'inlineScript'
      inlineScript: |
        az webapp list --output table
        az storage account list --output table

Connection Types

# Common service connections
connections:
  azure_resource_manager:
    authentication: ['Service Principal', 'Managed Identity', 'Workload Identity']
    scope: ['Subscription', 'Resource Group', 'Management Group']

  kubernetes:
    authentication: ['Kubeconfig', 'Azure Subscription', 'Service Account']

  docker_registry:
    registries: ['Docker Hub', 'ACR', 'Other']

  github:
    authentication: ['Personal Access Token', 'GitHub App', 'OAuth']

  generic:
    types: ['REST API', 'SSH', 'npm', 'NuGet']

Workload Identity Federation

# Modern authentication without secrets
service_connection:
  name: 'AzureWorkloadIdentity'
  type: 'Azure Resource Manager'
  authentication: 'Workload Identity Federation'
  subscription: 'xxx-xxx-xxx'
  servicePrincipalId: 'app-id'
  tenantId: 'tenant-id'
  # No secret required - uses OIDC

Service connections provide secure, manageable access to external resources.

Michael John Peña

Michael John Peña

Senior Data Engineer based in Sydney. Writing about data, cloud, and technology.