Sign in with a personal access token (PAT)

Azure DevOps Services | Azure DevOps Server 2020

You can sign in using an Azure DevOps personal access token (PAT). To create a PAT, see Use personal access tokens.

To use a PAT with the Azure DevOps CLI, use one of these options:

User prompted to use az devops login

You're prompted to enter a PAT after you run the az devops login command:

$az devops login --organization https://dev.azure.com/contoso
Token:

Note

If you have already signed in with az login interactively or if you're using a user name and password, you're not required to provide a token because the az devops commands now support sign-in through az login. However, you can't sign in as the service principal via az login. In that scenario, a PAT is required.

When you're successfully signed in, this command also can set your default organization to Contoso, provided no default organization is configured.

Pipe PAT on StdIn to az devops login

From a variable

This option is useful in pipelines in which ##### can be replaced by $(System.AccessToken) or another pipeline variable:

echo  "######" | az devops login --organization https://dev.azure.com/contoso/

From a file

cat my_pat_token.txt | az devops login --organization https://dev.azure.com/contoso/

Use the AZURE_DEVOPS_EXT_PAT environment variable

To gain access in a non-interactive manner for automation scenarios, you can use environment variables or fetch a PAT from a file.

If az login or az devops login haven't been used, all az devops commands will try to sign in using a PAT stored in the AZURE_DEVOPS_EXT_PAT environment variable.

To use a PAT, set the AZURE_DEVOPS_EXT_PAT environment variable at the process level.

# set environment variable for current process
$env:AZURE_DEVOPS_EXT_PAT = 'xxxxxxxxxx'