| layout | azuredevops |
|---|---|
| page_title | Provider: Azure DevOps |
| description | The Azure DevOps provider is used to interact with Azure DevOps organization resources. |
The Azure DevOps provider can be used to configure Azure DevOps project in Microsoft Azure using Azure DevOps Service REST API
Use the navigation to the left to read about the available resources.
Interested in the provider's latest features, or want to make sure you're up to date? Check out the changelog for version information and release notes.
terraform {
required_providers {
azuredevops = {
source = "microsoft/azuredevops"
version = ">= 0.1.0"
}
}
}
resource "azuredevops_project" "project" {
name = "Project Name"
description = "Project Description"
}Authentication may be accomplished using an Azure AD service principal if your organization is connected to Entra ID, or by a personal access token.
The provider will use the first available authentication method that is available. They are discovered in the following order:
- Personal Access Token
- With
use_oidc = true- OIDC Token
- OIDC Token File Path
- OIDC Token Request URL
- TFC Cloud Workload Identity Token
- Client Certificate Path
- Client Certificate
- Client Secret Path
- Client Secret
- With
use_msi = true- Managed Service Identity
The OIDC service principal authentication methods allow for secure passwordless authentication from Terraform Cloud & GitHub Actions.
- Authenticating to a Service Principal with a Managed Identity
- Authenticating to a Service Principal with a Client Certificate
- Authenticating to a Service Principal with a Client Secret
- Authenticating to a Service Principal with an OIDC Token
- Authenticating using a Personal Access Token
The following arguments are supported in the provider block:
-
org_service_url- (Required) This is the Azure DevOps organization url. It can also be sourced from theAZDO_ORG_SERVICE_URLenvironment variable. -
personal_access_token- This is the Azure DevOps organization personal access token. The account corresponding to the token will need "owner" privileges for this organization. It can also be sourced from theAZDO_PERSONAL_ACCESS_TOKENenvironment variable. -
client_id- The client id used when authenticating to a service principal or the principal id when authenticating with a user specified managed service identity. It can also be sourced from theARM_CLIENT_IDorAZURE_CLIENT_IDenvironment variable. -
client_id_file_path- The path to a file containing a client id to authenticate. It can also be sourced from theARM_CLIENT_ID_FILE_PATHenvironment variable. -
tenant_id- The tenant id used when authenticating to a service principal. It can also be sourced from theARM_TENANT_IDorAZURE_TENANT_IDenvironment variable. -
auxiliary_tenant_ids- List of auxiliary Tenant IDs required for multi-tenancy and cross-tenant scenarios. This can also be sourced from theARM_AUXILIARY_TENANT_IDSenvironment variable. -
client_secret- The client secret used to authenticate to a service principal. It can also be sourced from theARM_CLIENT_SECRETorAZURE_CLIENT_SECRETenvironment variable. -
client_secret_path- The path to a file containing a client secret to authenticate to a service principal. It can also be sourced from theARM_CLIENT_SECRET_PATHorARM_CLIENT_SECRET_FILE_PATHenvironment variable. -
client_certificate_path- The path to a file containing a certificate to authenticate to a service principal, typically a .pfx file. It can also be sourced from theARM_CLIENT_CERTIFICATE_PATHenvironment variable. -
client_certificate- A base64 encoded certificate to authentiate to a service principal. It can also be sourced from theARM_CLIENT_CERTIFICATEenvironment variable. -
client_certificate_password- This is the password associated with a certificate provided byclient_certificate_pathorclient_certificate. It can also be sourced from theARM_CLIENT_CERTIFICATE_PASSWORDenvironment variable. -
oidc_token- An OIDC token to authenticate to a service principal. It can also be sourced from theARM_OIDC_TOKENenvironment variable. -
oidc_token_file_path- The path to a file containing nn OIDC token to authenticate to a service principal. It can also be sourced from theAZDO_TOKEN_PATH, orAZURE_FEDERATED_TOKEN_FILEenvironment variable. -
oidc_request_token- The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect. It can also be sourced from theARM_OIDC_REQUEST_TOKEN,ACTIONS_ID_TOKEN_REQUEST_TOKEN,SYSTEM_ACCESSTOKENenvironment variables. -
oidc_request_url- The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect. It can also be sourced from theARM_OIDC_REQUEST_URL,ACTIONS_ID_TOKEN_REQUEST_URLorSYSTEM_OIDCREQUESTURIenvironment variables. -
oidc_azure_service_connection_id- The Azure Pipelines Service Connection ID to use for authentication. This can also be sourced from theARM_ADO_PIPELINE_SERVICE_CONNECTION_ID,ARM_OIDC_AZURE_SERVICE_CONNECTION_ID, orAZURESUBSCRIPTION_SERVICE_CONNECTION_IDenvironment variables. -
use_oidc- Boolean, enables OIDC auth methods. It can also be sourced from theARM_USE_OIDCenvironment variable. -
use_msi- Boolean, enables authentication with a Managed Service Identity in Azure. It can also be sourced from theARM_USE_MSIenvironment variable. -
use_cli- Should Azure CLI be used for authentication? This can also be sourced from theARM_USE_CLIenvironment variable. Defaults totrue.