Infisical currently supports three methods for connecting to Azure DevOps, which are OAuth, Azure DevOps Personal Access Token and Client Secrets.
Using the Azure DevOps OAuth connection on a self-hosted instance of Infisical requires configuring an application in Azure and registering your instance with it.Prerequisites:
  • Set up Azure.
1

Create an application in Azure

Navigate to Azure Active Directory > App registrations to create a new application.
Azure Active Directory is now Microsoft Entra ID.
Azure devopsAzure devopsCreate the application. As part of the form, set the Redirect URI to https://your-domain.com/organization/app-connections/azure/oauth/callback.
The domain you defined in the Redirect URI should be equivalent to the SITE_URL configured in your Infisical instance.
Azure devops
2

Assign API permissions to the application

For the Azure Connection to work with DevOps Pipelines, you need to assign the following permission to the application.

Azure DevOps permissions

Set the API permissions of the Azure application to include the following permissions:
  • Azure DevOps
    • user_impersonation
    • vso.project_write
    • vso.variablegroups_manage
    • vso.variablegroups_write Azure devops
3

Add your application credentials to Infisical

Obtain the Application (Client) ID and Directory (Tenant) ID (this will be used later in the Infisical connection) in Overview and generate a Client Secret in Certificate & secrets for your Azure application.Azure devopsAzure devopsAzure devopsBack in your Infisical instance, add two new environment variables for the credentials of your Azure application.
  • INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_ID: The Application (Client) ID of your Azure application.
  • INF_APP_CONNECTION_AZURE_DEVOPS_CLIENT_SECRET: The Client Secret of your Azure application.
Once added, restart your Infisical instance and use the Azure Client Secrets connection.

Create a new Azure DevOps personal access token (PAT)

When using the Azure DevOps Access Token connection you’ll need to create a new personal access token (PAT) in order to authenticate Infisical with Azure DevOps.
1

Navigate to Azure DevOps

integrations
2

Create a new token

Make sure the newly created token has Read/Write access to the Release scope.integrations
Please make sure that the token has access to the following scopes: Variable Groups (read, create, & manage), Release (read/write), Project and Team (read), Service Connections (read & query)
3

Copy the new access token

Copy the newly created token as this will be used to authenticate Infisical with Azure DevOps.integrations
To use client secret authentication, ensure your Azure Service Principal has the required permissions and is connected to the Azure DevOps organization and projects you want to use.Prerequisites:
  • Set up Azure and have an existing Azure DevOps organization.
  • The service principal must be connected to your target Azure DevOps organization and project(s)
1

Assign API permissions to the service principal

Configure the required API permissions for your App Registration to interact with Azure DevOps:

Azure DevOps permissions

Set the API permissions of your Azure service principal to include the following Azure DevOps permissions:
  • Azure DevOps
    • user_impersonation
    • vso.project_write
    • vso.variablegroups_manage
    • vso.variablegroups_write Azure devops

Setup Azure Connection in Infisical

1

Navigate to App Connections

Navigate to the App Connections page in the desired project. App Connections
Tab
2

Add Connection

Select the Azure Connection option from the connection options modal. Select Azure Connection
3

Create Connection

1

Fill in Connection Details

Fill in the Tenant ID field with the Directory (Tenant) ID you obtained in the previous step. Also fill in the organization name of the Azure DevOps organization you want to connect to.Fill in Connection Details
You can find the Organization Name on https://dev.azure.com/
2

Grant Access

You will then be redirected to Azure to grant Infisical access to your Azure account. Once granted, you will be redirected back to Infisical’s App Connections page. Azure Client Secrets
Authorization
4

Connection Created

Your Azure DevOps Connection is now available for use. Azure DevOps