Sign in with a Personal Access Token (PAT)

Azure DevOps Services | Azure DevOps Server 2020

You can sign in using an Azure DevOps Personal Access Token. See the create personal access token guide to create one.

You are prompted to enter a PAT after you run the az devops login command.

$az devops login --organization


If you have already signed in with az login interactively or using user name and password, then you don't have to provide a token as az devops commands now support sign in through az login. However, service principal log in via az login isn't supported, in which case a PAT token is required.

Once successfully signed in, this command would also set your default organization to Contoso, provided there is no default organization configured.

To gain access in a non-interactive manner for automation scenarios, you can use environment variables or fetch a PAT from a file.

Use environment variables

There are cases where persisting a personal access token on the machine is not feasible or secure. In these cases, you can get a token from an environment variable.

To use a personal access token, set the AZURE_DEVOPS_EXT_PAT environment variable at the process level:

# set environment variable for current process
$env:AZURE_DEVOPS_EXT_PAT = 'xxxxxxxxxx'

Replace xxxxxxxxxx with your PAT.

Now run any command without having to sign in explicitly. Each command will try to use the PAT in the environment variable for authentication.

Fetch PAT from a file

cat my_pat_token.txt | az devops login --organization