Reputation: 374
TFS 2015 Agent creation and usage
I have downloaded agent zip file and configured agent on the build machine. To authenticate agent Microsoft provided four ways PAT,Integrated,Negotiate,Alternate.
PAT should be used for Team Services they said but I don't understand how it works.
I have authenticated using negotiate but here agent is going to offline once build completed and I am manually using power shell making it run.
I am using previously XAML build definition and new to this can some one help how to make agent online continuously.
Upvotes: 1
Views: 161
Answers (1)
Reputation: 30362
Compared with common alternate credentials, PAT is more secure.
When your 3rd party tool prompts you to sign in, you can provide your alternate credentials for authentication purposes, and it stored the credentials for later retrieval that may you don't want the tools to do some actions.
For non-Microsoft tools that integrate into Team Services but do not support Microsoft account or Azure AD authentication interactions (for example, Git, NuGet, or XCode), you need to set up personal access tokens by using Git credential managers or by creating PATs manually. You can also use personal access tokens when there is no "pop up UI" such as with command-line tools, integrating tools or tasks into build pipelines, or using REST APIs.
Personal access tokens essentially are alternate passwords that you create in a secure way using your normal authentication, and PATs can have expiration dates, limited scopes (for example, only certain REST APIs or command line operations are valid), and specific Team Services accounts. You can put them into environment variables so that scripts do not hardcode passwords. For more information, see Authentication overview and scopes.
See use-personal-access-tokens-to-authenticate for details.
Once you create a PAT you can use it pretty much anywhere your user credentials are required for authentication. If you use a PAT for a 3rd party tool only to find out later that it is acting maliciously, you can deactivate that specific PAT and it immediately becomes invalid. You can also apply one or more scopes to a PAT so you can, for example, limit access to reading work items and nothing else.
Please reference below articles to understand the PAT:
- https://roadtoalm.com/2015/07/22/using-personal-access-tokens-to-access-visual-studio-online/
- http://blog.devmatter.com/personal-access-tokens-vsts/
Upvotes: 1
Related Questions
- Team Foundation Server Build Agents
- TFS private build agents
- TFS 2015 and later - Tagging agents
- Build agent ID via TFS sdk
- Test Agent Deployment v2 fails in TFS 2015
- Private agent deployment on Azure
- Best practice for Agent Queue Users in TFS 2015?
- How to automatically add (or let tfs2015 discover) build agent capabilities?
- TFS 2015 build server ignoring agent working dir
- TFS 2015 No agents found when deploying to Azure