DevTest labs now supports the capability to access Azure DevOps artifact repos through Managed Identities and GitHub artifact repos through GitHub app authentication. Additionally, you can now also access the lab storage account through Managed Identities. Until now users have accessed Artifact repos via personal access tokens (PATs) and storage accounts through Storage Access Shared (SAS) tokens. These tokens can be leaky, posing a security risk. The development teams also need to manage the PATs, increasing the overhead on the team. Moreover, these SAS tokens and PATs have an expiration time which causes fragility in the user experience. Managed Identity and GitHub app authentication takes a significant step towards creating a credential-free experience and controlling credential-based resiliency issue.
Please note that before you can use Managed Identity and/or GitHub app authentication, you much configure them.
To learn more about Managed Identity, visit Microsoft Entra managed identities for Azure resources documentation – Managed identities for Azure resources | Microsoft Learn.
How to use Managed Identity and GitHub app authentication?
Managed Identity to access Azure DevOps artifact repos and GitHub app authentication to access GitHub artifact repos
Steps:
- On the lab’s Overview page, select Configuration and policies from the left navigation.
- On the Configuration and policies page, select Repositories under External resources in the left navigation. On the Repositories page, the Public Artifact Repo is automatically present and connects to the DevTest Labs public GitHub repository. If this repo isn’t enabled for your lab, you can enable it by selecting the checkbox next to Public Artifact Repo, and then selecting Enable on the top menu bar.
- To add your artifact repository to the lab, select Add in the top menu bar.
- In the Repository pane, enter the following information:
- Name: A repository name to use in the lab.
- Git clone URL: The Git HTTPS clone URL from GitHub or Azure Repos.
- Branch (optional): The branch that has your artifact definitions.
- Managed Identity: Select this option to use Managed Identity to access Azure Repos. Or GitHub app authentication: Select this option to use GitHub app authentication to access GitHub Repos.
- Folder paths: The folder for your ARM template definitions, relative to the Git clone URL. Be sure to include the initial forward slash in the folder path.
- Select Save
- The repository now appears in the Repositories list for the lab.
To learn more about how to configure Managed Identity and GitHub app authentication to access artifact repo, visit Add an artifact repository to your lab – Azure DevTest Labs | Microsoft Learn.
Managed Identity to access the lab storage account
To use Managed Identity to access the lab storage account, follow these steps while creating the lab:
- On the DevTest Labs page, select Create.
- On the Basic Settings tab, provide the following information:
Setting Value Subscription Change the subscription if you want to use a different subscription for the lab. Resource group Select an existing resource group from the dropdown list, or select Create new to create a new resource group. Lab name Enter a name for the lab. Location If you’re creating a new resource group, select an Azure region for the resource group and lab. Artifacts storage account access Select the appropriate Managed Identity from the list that you want to use to access the lab storage account. - Optionally, select the Auto-shutdown, Networking, or Tags tabs at the top of the page, and customize those settings. You can also apply or change most of these settings after lab creation.
- After you complete all settings, select Review + create at the bottom of the page.
- If the settings are valid, Succeeded appears at the top of the Review + create page. Review the settings, and then select Create.
Please note that, during lab creation, setting a user-assigned managed identity to access the lab storage account also sets that particular user-assigned managed identity for the virtual machines. The managed identity you select on the create lab page under the lab artifacts storage account option will also be visible in the Virtual Machine section of the Identity page under Configuration and Policies settings.
These enhancements reflect Microsoft’s commitment to continually evolving based on user feedback and to improve the security of our services.
Get started with DevTest Labs today! To learn more about Azure DevTest Lab, visit What is Azure DevTest Labs? – Azure DevTest Labs | Microsoft Learn.
Share feedback you have on the service: DevTest Labs · Community
0 comments
Be the first to start the discussion.