Question

I can't figure out how to access a Service Connection with a script step in my build pipeline. For example, let's say I have a Service Connection representing credentials for an Azure Service Principal. I'd like to access those credentials in a script step. How can I write a script step that makes use of them?

Answer 1

Instead of the basic 'Script' (or 'Bash') task use the 'Azure CLI' task. This is for running Az CLI commands, do not run only standard Bash scripts (or PSCore if that's your thing). When you run this task, you'll see a bunch of information about the Service Connection in variables prefixed with 'ENDPOINT_DATA_'. It includes Azure Subscription ID, name, Service Principle Object ID, etc.

Enable the Service Principle details to be added to the environment.  Then it includes the SPN key, TenantID, etc. as secret environment variables.

This is what the task looks like:

- task: AzureCLI@2
  displayName: 'Azure CLI'
  inputs:
    scriptType: bash
    scriptLocation: inlineScript
    azureSubscription: ''
    inlineScript: |
      env | sort

- task: AzureCLI@2
  displayName: 'Azure CLI, with SPN info'
  inputs:
    scriptType: bash
    scriptLocation: inlineScript
    azureSubscription: ''
    addSpnToEnvironment: true
    inlineScript: |
    env | sort
 
This is all only applicable to Azure Cloud Service Connections.