Azure pipeline with submodules and docker

Question

I want to deploy an application which contains a submodule to a docker registry. The setup without the submodules works as expected.

I tried adding checkout: self and submodule: true to the job running the Docker tasks (see yaml below).

This produces the error message git@ssh.dev.azure.com: Permission denied (password,publickey).

trigger:
- main  

variables:
  dockerRegistryServiceConnection: <serviceconnection>
  imageRepository: <imageRepo>
  containerRegistry: <registry>
  dockerfilePath: <path>
  tag: <tag>

  vmImageName: 'ubuntu-latest'

stages:
- stage: Build
  displayName: Build and push stage
  jobs:
  - job: Build
    displayName: Build
    pool:
      vmImage: $(vmImageName)
    steps:
    - checkout: self
      submodules: true
    - task: Docker@2
      displayName: Build and push an image to container registry
      inputs:
        command: buildAndPush
        repository: $(imageRepository)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)
    - task: Docker@2
      displayName: Build and push an image to container registry (latest)
      inputs:
        command: buildAndPush
        repository: $(imageRepository)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: latest

Why do I need to authenticate towards a repo in the same project? Is there a way to add a ssh authentication to the yaml or to usse https cloning instead of ssh?

EDIT: Permission to use another repo in the build pipeline must be toggled, see answer.

Answer 1

Turns out the issue was related to project settings, "Protect access to repositories in YAML pipelines" - when toggled off, the pipeline was able to clone the subrepository.