Azure DevOps Workload Identity Federation with Azure Overview. NO MORE SECRETS!

Рет қаралды 12,741

Күн бұрын

Getting rid of secrets when our Azure DevOps pipelines need to talk to Azure!
🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there!
▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬
00:00 - Introduction
00:08 - Cross service authentication
01:25 - Using a secret
05:11 - ODIC federation
06:02 - OIDC
07:48 - Service connection using workload identity federation
11:36 - The token flow
16:15 - Creating a new service connection
17:11 - Converting an existing
18:02 - Using a managed identity
20:19 - Summary
▬▬▬▬▬▬ K E Y L I N K S 🔗 ▬▬▬▬▬▬
► Whiteboard:
🔗 github.com/johnthebrit/Random...
▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬
📖 Recommended Learning Path for Azure
🔗 learn.onboardtoazure.com
🥇 Certification Content Repository
🔗 github.com/johnthebrit/Certif...
📅 Weekly Azure Update
🔗 • Azure Infrastructure U...
☁ Azure Master Class
🔗 • Microsoft Azure Master...
⚙ DevOps Master Class
🔗 • DevOps Master Class
💻 PowerShell Master Class
🔗 • PowerShell Master Class
🎓 Certification Cram Videos
🔗 • Microsoft Certificatio...
🧠 Mentoring Content
🔗 • Virtual Mentoring
❔ Questions? Maybe I answered it in my FAQ
🔗 savilltech.com/faq
👕 Cure Childhood Cancer Charity T-Shirt Channel Store
🔗 johns-t-shirts-store.creator-...
👂 Enable the subtitles and from there you can translate to your native language via the auto-translate feature in settings! • KZfaq Captions and A... for a demo of using this feature.
SUBSCRIBE ✅ / @ntfaqguy
#microsoft #azure #johnsavillstechnicaltraining

Пікірлер: 21

@NTFAQGuy 5 ай бұрын

Get rid of those pesky secrets for our ADO service connections with workload identity federation! Please make sure to read the description for the chapters and key information about this video and others. ⚠ P L E A S E N O T E ⚠ 🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there! 🕰 I don't discuss future content nor take requests for future content so please don't ask 😇 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. 👂 Translate the captions to your native language via the auto-translate feature in settings! kzfaq.info/get/bejne/rJuSaJZetc2pnX0.html for a demo of using this feature. Thanks for watching! 🤙

@catalystred Ай бұрын

Just adding this note for anyone in the future. If you use the Workload Identity Federation (manual) option, you need to grant the permission "Microsoft.Resources/subscriptions/read" at the subscription level to the Managed Identity. Azure DevOps will give an error stating as much when you try to save the Service Connection.

@va55ag0 5 ай бұрын

Been waiting for this feature for so long! Thanks for the great deep dive explanation of how this all works 😊

@Dikimkd 5 ай бұрын

Excellent video. Clearly explained and very fun to watch!

@NTFAQGuy 5 ай бұрын

Glad you enjoyed it!

@massikherfallah6075 5 ай бұрын

Thank you for this videos. Now it is more clear :)

@GiovanniOrlandoi7 5 ай бұрын

Great video, John! Thank you ☁️

@NTFAQGuy 5 ай бұрын

My pleasure!

@AzureCloudCowboy 5 ай бұрын

Hey John. Thanks good video.

@soucianceeqdamrashti8175 2 ай бұрын

Excellent presentation as always! Learned a lot!

@NTFAQGuy 2 ай бұрын

Glad you enjoyed it!

@NZScottie 5 ай бұрын

I created my first one of these late last year. Now that you have made a video on it I will covert all my production ones to it. Haha. Seriously awesome not have expiring secrets.

@NTFAQGuy 5 ай бұрын

lol but yes :)

@rahulsawant485 4 ай бұрын

You are great what an easy explanation of openid and oauth and how workload identity is utilising it. Thanks

@NTFAQGuy 4 ай бұрын

Glad it was helpful!

@JeffreyJBlanchard 5 ай бұрын

Great video!

@NTFAQGuy 5 ай бұрын

Glad you enjoyed it

@jeffbrowntech 5 ай бұрын

Hi John, great overview. I've already been working on writing new pipelines using workload identity. Besides the differences you outlined in the video, do you have any preferences for using managed identity vs. service principal for the service connnection?

@NTFAQGuy 5 ай бұрын

Been using service principals (app registration) primarily.