We’re excited to announced new support in Azure DevTest labs for accessing Azure DevOps artifact repos via Managed Identities and GitHub artifact repos through GitHub app authentication. Additionally, the lab storage account can also now be accessed via Managed Identities.

Until now, users have relied on Personal Access Tokens (PATs) and Storage Access Shared (SAS) tokens to connect to these resources. However, these tokens can introduce security risks if exposed, require ongoing management, and may expire unexpectedly, leading to disruptions.

With Managed Identity and GitHub app authentication, development teams can now enjoy a credential-free experience. Once configured, these authentication methods eliminate the need for manual token management, significantly improving both security and user experience by reducing overhead, enhancing reliability, and providing more seamless access to artifact repos and lab storage account.

To get started, you’ll need to configure Managed Identity and GitHub app authentication. Learn more below!

How to use Managed Identity and GitHub app authentication?

Accessing Azure DevOps artifact repositories with Managed Identity or GitHub artifact repositories with GitHub app authentication is simple.

Follow these steps:

1. On the lab’s Overview page, select Configuration and policies from the left navigation.
2. On the Configuration and policies page, select Repositories under External resources in the left navigation. On the Repositories page, the Public Artifact Repo is automatically present and connects to the DevTest Labs public GitHub repository. If this repo isn’t enabled for your lab, you can enable it by selecting the checkbox next to Public Artifact Repo, and then selecting Enable on the top menu bar.
3. To add your artifact repository to the lab, select Add in the top menu bar.
4. In the Repository pane, enter the following information:
   • Name: A repository name to use in the lab.
   • Git clone URL: The Git HTTPS clone URL from GitHub or Azure Repos.
   • Branch (optional): The branch that has your artifact definitions.
   • Managed Identity: Select this option to use Managed Identity to access Azure Repos. Or GitHub app authentication: Select this option to use GitHub app authentication to access GitHub Repos.
   • Folder paths: The folder for your ARM template definitions, relative to the Git clone URL. Be sure to include the initial forward slash in the folder path.

     

5. Select Save
6. The repository now appears in the Repositories list for the lab.

Visit our docs page to learn more about how to configure Managed Identity and GitHub app authentication to access artifact repo.

Managed Identity to access lab storage account

To use Managed Identity to access the lab storage account, follow these steps while creating the lab:

1. On the DevTest Labs page, select Create.
2. On the Basic Settings tab, provide the following information:

   Setting	Value
   Subscription	Change the subscription if you want to use a different subscription for the lab.
   Resource group	Select an existing resource group from the dropdown list, or select Create new to create a new resource group.
   Lab name	Enter a name for the lab.
   Location	If you’re creating a new resource group, select an Azure region for the resource group and lab.
   Artifacts storage account access	Select the appropriate Managed Identity from the list that you want to use to access the lab storage account.

   

3. Optionally, select the Auto-shutdown, Networking, or Tags tabs at the top of the page, and customize those settings. You can also apply or change most of these settings after lab creation.
4. After you complete all settings, select Review + create at the bottom of the page.
5. If the settings are valid, Succeeded appears at the top of the Review + create page. Review the settings, and then select Create.

Please note that, during lab creation, setting a user-assigned managed identity to access the lab storage account also sets that particular user-assigned managed identity for the virtual machines. The managed identity you select on the Create DevTest Lab page under the lab artifacts storage account option will also be visible in the Virtual Machine section of the Identity page under Configuration and Policies settings.

With your feedback, we’re continuing to improve Azure DevTest Labs to make the development process smoother and more secure. Dive into these new features today and see how they can streamline your workflow and boost productivity!

Get started with DevTest Labs today! To learn more about Azure DevTest Lab, visit What is Azure DevTest Labs? – Azure DevTest Labs | Microsoft Learn.

Share feedback you have on the service: DevTest Labs · Community