Updatecli supports Personal Access Token (PAT) authentication for interacting with Azure DevOps. You can authenticate using environment variables or directly in your manifest.

1. Personal Access Token via Environment Variables

Set the following environment variables to enable PAT authentication:

  • UPDATECLI_AZURE_DEVOPS_TOKEN: Your Azure DevOps Personal Access Token

  • UPDATECLI_AZURE_DEVOPS_USERNAME: Your Azure DevOps username

Example:

export UPDATECLI_AZURE_DEVOPS_TOKEN="your-pat-token"
export UPDATECLI_AZURE_DEVOPS_USERNAME="your-username"
Note

When these variables are set, Updatecli will use them for all Azure DevOps operations.

2. Personal Access Token via Manifest

You can specify your Personal Access Token directly in your Updatecli manifest under the spec.token and spec.username fields:

scms:
  default:
    kind: azuredevops
    spec:
      organization: myorg
      project: myproject
      repository: myrepo
      token: "{{ requiredEnv `UPDATECLI_AZURE_DEVOPS_TOKEN` }}"
      username: "{{ requiredEnv `UPDATECLI_AZURE_DEVOPS_USERNAME` }}"
Warning

For security reasons, it is recommended to use environment variables or secret management tools (like SOPS) instead of hardcoding tokens in your manifest.

Precedence and Fallback

Updatecli will use the first valid authentication method it finds, in the following order:

  1. Personal Access Token via environment variables

  2. Personal Access Token via manifest

If no valid authentication is found, Updatecli will fail with an error.

Further Reading

Tip: For best security and maintainability, prefer using environment variables for authentication, and avoid hardcoding secrets in your manifests.

Last modified on May 13, 2026
Edit this page on GitHub
← Docker Image