How to parametrize azureSubscription in azure devops template task?

Question

I am trying to use parameters in Azure Devops templates. I can print any parameter inside the template. But when I use parameter in a template with any task that requires azure subscription that will make the pipeline always fail with

"The pipeline is not valid. Job myDeployment: Step input azureSubscription references service connection $(mySubscription) which could not be found."

Example of pipeline and template below. Is there any way to path azure Subscription to the template?strong text

pipeline.yml

- stage: myStage
  pool: windows
  variables: 
    - name: azureSubscription
      value: mySubscription
    - name: keyVaultName
      name: myKeyVauld

  jobs: 
    deployment: myDeployment
    strategy: 
      runOnce:
        deploy:
          steps:
          - template: myTemplate.yml
            parameters: 
              subscription: $(azureSubscription) # changing this to literal will work but not what I need
              vault: $(keyVaultName)

myTemplate.yml

parameters:
- name: subscription
  type: string
  default: ''
- name: vault
  type: string
  default: ''

steps:

- task: AzureKeyVault@1
  inputs:
    azureSubscription: '${{ parameters.subscription }}'
    keyVaultName: '${{ parameters.vault }}'
    secretsFilter: myKey

Answer 1

This is a known issue / limitation. You have to pass the Azure subscription as a literal. No way around it that I know of, unfortunately.

It's been a point of discussion for literally years on this GitHub issue: https://github.com/microsoft/azure-pipelines-agent/issues/1307

Answer 2

You need to go to Project setting -> Pipelines section -> Service connections and create a Service Connection for Azure Resource Manager, choose between Service principal and Managed identity authentication type.

After you can use the name of created Service Connection in your YAML file in azureSubscription parameter.