Sign in with a personal access token (PAT)
Azure DevOps Services | Azure DevOps Server 2020
You can sign in using an Azure DevOps personal access token (PAT). To create a PAT, see Use personal access tokens.
To use a PAT with the Azure DevOps CLI, use one of these options:
az devops loginand be prompted for the PAT token.
Pipe the PAT token on StdIn to
az devops login.
This option works only in a non-interactive shell.
AZURE_DEVOPS_EXT_PATenvironment variable, and don't use
az devops login.
You're prompted to enter a PAT after you run the
az devops login command:
$az devops login --organization https://dev.azure.com/contoso Token:
If you have already signed in with
az login interactively or if you're using a user name and password, you're not required to provide a token because the
az devops commands now support sign-in through
az login. However, you can't sign in as the service principal via
az login. In that scenario, a PAT is required.
When you're successfully signed in, this command also can set your default organization to Contoso, provided no default organization is configured.
From a variable
This option is useful in pipelines in which
##### can be replaced by
$(System.AccessToken) or another pipeline variable:
echo "######" | az devops login --organization https://dev.azure.com/contoso/
From a file
cat my_pat_token.txt | az devops login --organization https://dev.azure.com/contoso/
To gain access in a non-interactive manner for automation scenarios, you can use environment variables or fetch a PAT from a file.
az login or
az devops login haven't been used, all
az devops commands will try to sign in using a PAT stored in the
AZURE_DEVOPS_EXT_PAT environment variable.
To use a PAT, set the
AZURE_DEVOPS_EXT_PAT environment variable at the process level.