Skip to content

matejskubic/Git-Credential-Azure-ManagedIdentity

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.gitignore
.gitignore
 
 
Git-Credential-Azure-ManagedIdentity.sh
Git-Credential-Azure-ManagedIdentity.sh
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Git-Credential-Azure-ManagedIdentity

Setup Git Credential Helper

To use the Git-Credential-Azure-ManagedIdentity.sh script as a Git credential helper, follow these steps:

  1. Download the script to a location on your Azure resource (e.g., /home/azureuser/Git-Credential-Azure-ManagedIdentity.sh).

  2. Make the script executable:

    chmod +x /home/azureuser/Git-Credential-Azure-ManagedIdentity.sh

  3. Update your .gitconfig file to use the script as a credential helper:

    [credential]
    helper = /home/azureuser/Git-Credential-Azure-ManagedIdentity.sh

Using the Username

You can specify the username in the Git URL to provide additional context for the managed identity. Here are some examples:

  • Using Default Managed Identity:

    git clone https://dev.azure.com/your_organization/your_project/_git/your_repository

  • Using Client ID:

    git clone https://<client_id>@dev.azure.com/your_organization/your_project/_git/your_repository

  • Using MSI Resource ID:

    msi_res_id is in the format /subscriptions/_subscription_id_/resourcegroups/_RG_name_/providers/microsoft.managedidentity/userassignedidentities/_name_

    git clone https://<msi_res_id>@dev.azure.com/your_organization/your_project/_git/your_repository

In these examples, replace <client_id> or <msi_res_id> with the appropriate values for your managed identity.

Check for https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http for more details.

Example

Here is an example of how to clone a repository using a client ID:

git clone https://12345678-1234-1234-1234-123456789abc@dev.azure.com/your_organization/your_project/_git/your_repository

This setup allows the Git client to use the Azure Managed Identity to authenticate with Azure DevOps or other Git services that support OAuth tokens from Microsoft Azure/Entra ID.

Troubleshooting

If you encounter issues, check the following:

  1. Debug Logging: Enable debug output with GIT_TRACE environment variable:

    GIT_TRACE=1 git clone https://dev.azure.com/... > git-credential.log 2>&1

    Note: Only critical errors are written to stderr, debug messages go to stdout.

  2. Managed Identity: Verify that the managed identity is properly configured:

    curl -H "Metadata: true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"

  3. Permissions: Ensure the managed identity has appropriate permissions in Azure DevOps.

  4. URL Encoding: When using MSI Resource IDs, the script automatically handles URL encoding.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages