Skip to content

Latest commit

 

History

History
45 lines (29 loc) · 1.67 KB

create-secrets-with-openid.md

File metadata and controls

45 lines (29 loc) · 1.67 KB
ms.topic ms.technology ms.manager ms.author author ms.date
include
devops-cicd
mijacobs
jukullam
juliakm
10/25/2022

Service principal

  1. In GitHub, go to your repository.

  2. Select Security > Secrets and variables > Actions.

    :::image type="content" source="../media/github-select-actions.png" alt-text="Screenshot of adding a secret":::

  3. Select New repository secret.

  4. Paste the entire JSON output from the Azure CLI command into the secret's value field. Give the secret the name AZURE_CREDENTIALS.

  5. Select Add secret.

OpenID Connect

You need to provide your application's Client ID, Tenant ID, and Subscription ID to the login action. These values can either be provided directly in the workflow or can be stored in GitHub secrets and referenced in your workflow. Saving the values as GitHub secrets is the more secure option.

  1. In GitHub, go to your repository.

  2. Select Security > Secrets and variables > Actions.

    :::image type="content" source="../media/github-select-actions.png" alt-text="Screenshot of adding a secret":::

  3. Select New repository secret.

  4. Create secrets for AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_SUBSCRIPTION_ID. Use these values from your Active Directory application for your GitHub secrets:

    GitHub Secret Active Directory Application
    AZURE_CLIENT_ID Application (client) ID
    AZURE_TENANT_ID Directory (tenant) ID
    AZURE_SUBSCRIPTION_ID Subscription ID

  5. Save each secret by selecting Add secret.