Reputation: 166
I want to clone a 2FA-enabled private GitHub repo to my Azure pipeline. My configuration is as follows.
    trigger: none
    pr:
      branches:
        include:
        - azure
    pool:
      vmImage: ubuntu-latest
    steps:
    - script: |
        echo "--------------- Clone 2FA enabled private repo ---------------"
        git clone https://github-azure-pipeline-user:$(PAT)@github.com/parent-org/2fa-enabled-github-repo.git
        echo "--------------- Clone Completed ---------------"
      displayName: 'Clone 2FA enabled private repo'
The personal access token (PAT) for github-azure-pipeline-user is configured as a variable from the Azure DevOps UI. The issue is that when the type of the variable PAT is changed to secret from the UI, the git clone does not work. An "Authentication failed" error is displayed.
    --------------- Clone 2FA enabled private repo ---------------
    Cloning into '2fa-enabled-github-repo'...
    remote: Invalid username or password.
    fatal: Authentication failed for 'https://github.com/parent-org/2fa-enabled-github-repo.git/'
    --------------- Clone Completed ---------------
When PAT is set as a plain text variable, this works without an issue.
Is this a bug in Azure pipelines or am I doing something wrong?
Upvotes: 0
Views: 735
Reputation: 31083
As per documentation:
Secret variables are encrypted at rest with a 2048-bit RSA key. Secrets are available on the agent for tasks and scripts to use. Be careful about who has access to alter your pipeline.
Unlike a normal variable, they are not automatically decrypted into environment variables for scripts. You need to explicitly map secret variables.
So you may try the following syntax:
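    - script: |
        echo "--------------- Clone 2FA enabled private repo ---------------"
        # bash on ubuntu-latest reads the mapped variable as ${MY_MAPPED_ENV_VAR} ($env:NAME is PowerShell syntax)
        git clone https://github-azure-pipeline-user:${MY_MAPPED_ENV_VAR}@github.com/parent-org/2fa-enabled-github-repo.git
        echo "--------------- Clone Completed ---------------"
      displayName: 'Clone 2FA enabled private repo'
      env:
        # Secret variables reach the script only through an explicit mapping like this one
        MY_MAPPED_ENV_VAR: $(PAT)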
Upvotes: 1
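The mapping described in the answer, as an added example that is not part of the original posts: a shell script for the step that checks the mapped secret before cloning and hands it to git through `GIT_ASKPASS` instead of the URL, so the token is not written into `.git/config`. It assumes the step keeps the `env:` mapping to `MY_MAPPED_ENV_VAR` from the answer; the file name `clone.sh`, the function names and `GIT_USER` are hypothetical, and the check for a literal `$(...)` relies on Azure Pipelines leaving an undefined macro unexpanded.

```shell
#!/bin/sh
# Added example, not from the answer. Assumes the step maps the secret as
#   env: { MY_MAPPED_ENV_VAR: $(PAT) }

# 0 = usable, 1 = empty/not mapped, 2 = unexpanded macro. Never prints the value.
check_mapped_secret() {
  value="${MY_MAPPED_ENV_VAR-}"
  if [ -z "$value" ]; then
    echo "MY_MAPPED_ENV_VAR is empty or was not mapped into this step" >&2
    return 1
  fi
  case "$value" in
    '$('*')')
      echo "MY_MAPPED_ENV_VAR holds an unexpanded \$(...) macro" >&2
      return 2 ;;
  esac
  return 0
}

# Create a GIT_ASKPASS helper that answers git's prompts from the environment,
# so the token never becomes part of the remote URL saved in .git/config.
write_askpass() {
  helper="$(mktemp)" || return 1
  cat > "$helper" <<'EOF'
#!/bin/sh
case "$1" in
  Username*) printf '%s\n' "$GIT_USER" ;;
  Password*) printf '%s\n' "$MY_MAPPED_ENV_VAR" ;;
esac
EOF
  chmod 700 "$helper"
  printf '%s\n' "$helper"
}

clone_with_mapped_secret() {
  check_mapped_secret || return $?
  GIT_ASKPASS="$(write_askpass)" || return 1
  GIT_USER="github-azure-pipeline-user"
  GIT_TERMINAL_PROMPT=0
  export GIT_ASKPASS GIT_USER GIT_TERMINAL_PROMPT
  git clone "https://github.com/parent-org/2fa-enabled-github-repo.git"
  status=$?
  rm -f "$GIT_ASKPASS"
  return "$status"
}

# Run the clone only when asked, e.g. `sh clone.sh --clone` inside the step.
if [ "${1-}" = "--clone" ]; then clone_with_mapped_secret; fi
```

An exit status of 1 or 2 from the check points at the variable mapping rather than at GitHub, which separates a pipeline configuration problem from a rejected token.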