playbooks

home / skills / ntaksh42 / agents / azure-service-connections

azure-service-connections skill

/.claude/skills/azure-service-connections

This skill helps configure and manage Azure DevOps service connections for Azure resources, GitHub repos, Docker registries, and Kubernetes deployments.

npx playbooks add skill ntaksh42/agents --skill azure-service-connections

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
1.8 KB
---
name: azure-service-connections
description: Configure Azure DevOps service connections for deployments. Use when setting up cloud service integrations or deployment credentials.
---

# Azure Service Connections Skill

Azure DevOpsサービス接続を管理するスキルです。

## 主な機能

- **Azure接続**: Azure Resource Manager
- **GitHub接続**: リポジトリ連携
- **Docker Hub**: コンテナレジストリ
- **Kubernetes**: AKSクラスター

## Azure Resource Manager接続

### サービスプリンシパル作成

```bash
# サービスプリンシパル作成
az ad sp create-for-rbac \
  --name "azure-devops-sp" \
  --role contributor \
  --scopes /subscriptions/{subscription-id}

# 出力
{
  "appId": "xxx",
  "displayName": "azure-devops-sp",
  "password": "yyy",
  "tenant": "zzz"
}
```

### Pipeline設定

```yaml
resources:
  - type: ServiceConnection
    name: Azure-Production
    serviceConnection: 'Azure-Prod-Connection'

steps:
  - task: AzureCLI@2
    inputs:
      azureSubscription: 'Azure-Prod-Connection'
      scriptType: 'bash'
      scriptLocation: 'inlineScript'
      inlineScript: |
        az group list
```

## GitHub接続

```yaml
resources:
  repositories:
    - repository: source-repo
      type: github
      endpoint: GitHub-Connection
      name: myorg/myrepo

trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  - checkout: source-repo
  - script: echo "Building from GitHub"
```

## Docker Registry

```yaml
resources:
  containers:
    - container: build-container
      image: myregistry.azurecr.io/build:latest
      endpoint: Docker-Registry-Connection

steps:
  - script: |
      docker build -t myapp:$(Build.BuildId) .
      docker push myapp:$(Build.BuildId)
```

## バージョン情報
- Version: 1.0.0

Overview

This skill configures Azure DevOps service connections to enable secure deployments to Azure and integrations with GitHub, Docker registries, and Kubernetes clusters. It provides practical patterns and YAML snippets for creating Azure Resource Manager connections, registering GitHub endpoints, connecting container registries, and using those connections in pipelines. The goal is to simplify credential setup and pipeline access to cloud resources.

How this skill works

The skill automates creation and registration of service connections by guiding you to create a service principal for Azure Resource Manager and by linking external endpoints (GitHub, Docker, AKS) into Azure DevOps. It supplies concrete command and YAML examples you can drop into pipelines so tasks can reference named service connections for CLI, container, and repo access. Use it to centralize credentials, scope access, and make pipeline steps reference stable connection names.

When to use it

  • When configuring CI/CD pipelines that must access Azure subscriptions or resource groups.
  • When linking a GitHub repository to an Azure DevOps pipeline for source checkout.
  • When pushing or pulling container images from a private registry like ACR or Docker Hub.
  • When deploying containerized apps to AKS and needing a cluster connection in pipelines.
  • When standardizing credentials across multiple pipelines and teams.

Best practices

  • Create a service principal with least privilege and limit scopes to only required subscriptions or resource groups.
  • Store long-term secrets in Azure Key Vault and reference them from service connections where possible.
  • Rotate service principal credentials regularly and update the corresponding service connection values.
  • Use descriptive, consistent service connection names to make pipelines easier to read and maintain.
  • Test new connections in a non-production project or staging pipeline before rolling out to production.

Example use cases

  • Create an Azure service principal (az ad sp create-for-rbac) and register it as an ARM service connection used by AzureCLI tasks.
  • Connect a GitHub repo as a pipeline resource and perform checkouts and builds triggered by main branch changes.
  • Configure a Docker registry connection to push build images to myregistry.azurecr.io from pipeline scripts.
  • Register an AKS cluster as a service connection and run kubectl or Helm deployments from the pipeline.
  • Scope a service connection to a single subscription and use it across multiple environment-specific pipelines.

FAQ

How do I create the Azure service principal required for an ARM connection?

Use the Azure CLI command az ad sp create-for-rbac with a name, role, and scope. Capture the appId, password, and tenant values and enter them when creating the service connection in Azure DevOps.

How do pipelines reference a registered service connection?

Reference the service connection name in pipeline tasks or resources. For example, use azureSubscription: 'Azure-Prod-Connection' in an AzureCLI@2 step or endpoint: GitHub-Connection for repository resources.

How should I secure registry credentials used in pipelines?

Store registry credentials in the service connection or in Azure Key Vault and grant pipelines access. Limit registry permissions to push/pull as required.