Secure files

Azure Pipelines | Azure DevOps Server 2019 | TFS 2018 | TFS 2017 | TFS 2015


In Microsoft Team Foundation Server (TFS) 2018 and previous versions, run and release pipelines are called definitions, runs are called builds, service connections are called service endpoints, stages are called environments, and jobs are called phases.

Use the Secure Files library to store files such as signing certificates, Apple Provisioning Profiles, Android Keystore files, and SSH keys on the server without having to commit them to your source repository. Secure files are defined and managed in the Library tab in Azure Pipelines.

The contents of the secure files are encrypted and can only be used during the build or release pipeline by referencing them from a task. The secure files are available across multiple build and release pipelines in the project based on the security settings. Secure files follow the library security model.

There's a size limit of 10 MB for each secure file.

Q & A

How can I consume secure files in a Build or Release Pipeline?

Use the Download Secure File Utility task to consume secure files within a Build or Release Pipeline.
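
The following YAML pipeline is an added example, not part of the original documentation. It shows the Download Secure File task consumed from a later step. It assumes a YAML pipeline in Azure Pipelines on a Linux agent; the secure file name codesign-cert.p12 and the step name signingCert are hypothetical.

```yaml
# Added example. Assumes a secure file named "codesign-cert.p12" (hypothetical)
# has been uploaded under Library > Secure files and that this pipeline is
# authorized to use it.
pool:
  vmImage: ubuntu-latest

steps:
  # Download the secure file to a temporary location on the agent.
  # The step name is what later steps use to reference the output variable.
  - task: DownloadSecureFile@1
    name: signingCert
    displayName: Download signing certificate
    inputs:
      secureFile: codesign-cert.p12

  - script: |
      set -eu
      # Fail early if the download did not produce a non-empty file.
      test -s "$CERT_PATH"
      # Restrict the file to the agent account for the rest of the job.
      chmod 600 "$CERT_PATH"
      # Log metadata only. Never cat, echo, or base64 the file into the log.
      echo "Secure file size in bytes: $(wc -c < "$CERT_PATH")"
      # Hand the path, not the contents, to the tool that needs it.
      # Do not copy the file into the sources or artifact staging directories,
      # where it could be published with the build output.
    displayName: Check secure file before use
    env:
      # Path of the downloaded file, exposed by the task as an output variable.
      CERT_PATH: $(signingCert.secureFilePath)
```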

How can I create a custom task using secure files?

You can build your own tasks that use secure files by using inputs with type secureFile in the task.json. Learn how to build a custom task.

The Install Apple Provisioning Profile task is a simple example of a task using a secure file. See the reference documentation and source code.

To handle secure files during build or release, you can refer to the common module available here.

My task can't access the secure files. What do I do?

Make sure your agent is running version 2.116.0 or higher. See Agent version and upgrades.

Why do I see an Invalid Resource error when downloading a secure file with Azure DevOps Server/TFS on-premises?

Make sure IIS Basic Authentication is disabled on the TFS or Azure DevOps Server.

How do I authorize a secure file for use in all pipelines?

  1. In Azure Pipelines, select the Library tab.
  2. Select the Secure files tab at the top.
  3. Select the secure file you want to authorize.
  4. In the details view under Properties, select Authorize for use in all pipelines, and then select Save.